Another year, another T-Mobile data breach

T Mobile logo on phone stock photo

T Mobile logo on phone stock photo

Edgar Cervantes / Android Authority

TL;DR

  • T-Mobile has disclosed a breach affecting 37 million accounts.
  • Details exposed in this incident include names, addresses, phone numbers, and more.
  • The carrier claimed that financial info, social security numbers, and government IDs weren’t exposed.

T-Mobile has suffered several data breaches since 2018, with the most recent incidents taking place in 2022 and 2021. Now, the US carrier has confirmed that it suffered yet another data breach, affecting 37 million prepaid and post-paid accounts.

T-Mobile confirmed the breach in a press release and via an SEC filing (h/t: TechCrunch), noting that the breach first took place on November 25 and was then detected on January 5. The attacker stole the data by using an API “without authorization.”

The carrier claimed that customer details such as payment information, social security numbers, government ID numbers, passwords/PINs, and other financial details weren’t exposed.

However, T-Mobile confirmed that exposed details included names, billing addresses, email addresses, phone numbers, dates of birth, T-Mobile account numbers, and plan details (e.g. number of lines, plan features).

Nevertheless, this latest breach comes almost a year after the company’s source code was reportedly stolen by the Lapsus cybercriminal group. It also comes after a major 2021 breach that affected over 47 million accounts. The 2021 incident exposed details such as social security numbers, drivers’ licenses, phone numbers, and physical addresses.