X
search

T-Mobile suffers its second data breach in 2023

Pictured: Hisan Kidwai
By Hisan Kidwai
May 02, 2023
Featured image for T-Mobile suffers its second data breach in 2023

After suffering its second-biggest data breach back in January, impacting over 37 million people, T-Mobile has recently disclosed yet another data breach. And although this time, the breach was not extensive and only impacted over 800 people, threat actors did manage to get their hands on vast amounts of user information.

According to Bleeping Computer, the breach, which occurred between February 24th and March 30th, compromised user’s names, contact information, account numbers, phone numbers, account PINs, social security numbers, government IDs, dates of birth, balance due, internal codes, and the number of lines. While T-Mobile claims the hackers did not gain access to call records or personal financial account information, this amount of exposed data provides cybercriminals with enough information to commit identity theft and other forms of fraud.

Advertisement
Advertisement

“In March 2023, the measures we have in place to alert us to unauthorized activity worked as designed, and we were able to determine that a bad actor gained access to limited information from a small number of T-Mobile accounts between late February and March 2023,” says T-Mobile.

T-Mobile’s response

T-Mobile says that after first detecting the data breach, they were quickly able to mitigate it by resetting the account PINs for affected users. Additionally, the company is also offering two years of free credit monitoring and identity theft detection services through Transunion myTrueIdentity.

“We notified a small number of customers that our systems and processes worked to detect and stop a bad actor who was accessing accounts using compromised credentials,” said T-Mobile in a statement to CNET.

This latest data breach once again highlights the ever-growing importance of implementing stringent security measures to prevent cyber attacks. While, on the one hand, companies should implement strict security policies, provide ongoing employee training, and perform regular security audits, users, on the other hand, should regularly update their PINs and passwords, enable 2FA, and refrain from sharing sensitive information online.