T-Mobile Customers Affected By Massive Breach

Uploaded on 2021-08-23 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

More than 54 million T-Mobile customers have been hit by a US data breach, the company has admitted, blaming the breach on a "highly sophisticated cyberattack". The breach only came to light following online reports last weekend that criminals were attempting to sell a large database containing T-Mobile customer data online.

The company has it said it is "taking immediate steps to help protect all of the individuals who may be at risk from this cyberattack" and has confirmed that an unknown individual in an online forum is claiming to have breached its systems and attempting to sell stolen customer data. 

Those T-Mobuile customers affected include 7.8 million current postpaid customers and about 46 million former and prospective customers who applied for payment plans, but no financial details were leaked, so far as the company is aware.

While US officials have warned of an increase in ransomware attacks in recent months, T-Mobile’s hackers didn’t lock up the company’s systems and demand payment. Instead, attackers broke into the company’s servers through an open access point.
"Late last week we were informed of claims made in an online forum that a bad actor had compromised T-Mobile systems... We immediately began an exhaustive investigation into these claims and brought in world-leading cybersecurity experts to help with our assessment... We then located and immediately closed the access point that we believe was used to illegally gain entry to our servers." a spokesman said.

Around 850,000 active T-Mobile prepaid customer names, phone numbers and account PINs were also exposed but T-Mobile says that it has reset all of the PINs on the accounts to protect customers. No phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of the files of the customers whose details were breached.

Hackers previously stole the personal information of 15 million T-Mobile customers and potential customers in the US in 2015.
There is no indication yet that former UK customers of T-Mobile have been hit by the data breach. The company's UK operation T-Mobile UK was rebranded as EE in 2012 and sold to BT in 2016 for more than £12bn.

The massive breach at the mobile carrier comes amid a spate of recent high-profile cybersecurity attacks on firms big and small, raising concerns from many that no company is immune

Some of the deeply personal data made available through this data breach could be a gold mine for attackers who want to make use of your credit. T-Mobile advisess that changing your account password and PIN should be one of the first things you do, because the personal information made available through the data breach can give an attacker almost everything they need to gain access T-Mobile users' accounts.

Reuters:      ABC:      Washington Post:     Financial Times:     Wall Street Journal:      BBC:

You Might Also Read:

Minimising The Impact Of Ransomware:

 

« US State Department Under Attack
Seven Ways That Social Media Sabotages Cyber Security »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Nmap Project

Nmap Project

Nmap Project is a Free and open source tool for network discovery, administration, and security auditing.

IT Association of Slovakia (ITAS)

IT Association of Slovakia (ITAS)

ITAS is a professional association of domestic and foreign companies operating in the field of information and communication technologies

European Recruitment

European Recruitment

European Recruitment is an award-winning, international recruitment agency specialising in niche technology areas including Cyber Security.

National Cyber Security Centre (NCSC) - Switzerland

National Cyber Security Centre (NCSC) - Switzerland

The National Cyber Security Centre is Swizerland's competence centre for cybersecurity and the first contact point for businesses, public administrations, and the public for cyber issues.

Standards Council of Canada (SCC)

Standards Council of Canada (SCC)

SCC leads and facilitates the development and use of national and international standards and accreditation services in Canada.

Highland Capital Partners

Highland Capital Partners

Highland Capital Partners is an early stage venture capital firm focused on category-defining businesses in consumer and enterprise technology, including cybersecurity.

UTMStack

UTMStack

UTMStack is a Unified Security Management system that includes SIEM, Vulnerability Management, Network and Host IDS/IPS, Asset Discovery, Endpoint Protection and Incident Response.

Prosperoware

Prosperoware

Prosperoware develop software for cybersecurity, privacy, and regulatory compliance for content systems, and financial matter management.

ProLion

ProLion

ProLion provides Data Integrity solutions that ensure organisations’ data remains secure, compliant, manageable and accessible.

Trusted Cyber Solutions

Trusted Cyber Solutions

Trusted Cyber Solutions is an independent Cyber Security and Risk Management consultancy.

GoPlus Security

GoPlus Security

GoPlus is working as the "security infrastructure" for web3, by providing open, permissionless, user-driven Security Services.

Munio

Munio

Munio is a leading Fortified IT Support and Cyber Security companies in the south east of the UK.

ABPCyber

ABPCyber

ABPCyber offers holistic cybersecurity solutions spanning DevSecOps, advisory and consultancy, designing and integration, managed operations, and cybersecurity investment optimization.

One Step Secure IT

One Step Secure IT

One Step provide Managed IT Services, Cybersecurity Protections, and Compliance to businesses in the USA nationwide.

Interlock

Interlock

Interlock are building blockchain-based security products that solve legacy web2 security issues - phishing and social engineering.

Aprio

Aprio

Aprio is a premier business advisory and accounting firm. We deliver advisory, tax, managed, and private client services to build value, drive growth, manage risk, and protect wealth.