T-Mobile Discloses Second Data Breach…This Year

T-Mobile USA is once again in the headlines for yet another breach involving customer data – making this its second data breach in 2023 alone.

Bleeping Computer reported that T-Mobile had discovered that attackers had gained access to the personal information of hundreds of customers for more than a month, starting from late February 2023.

This is the second breach for T-Mobile this year, after it admitted in January that attackers had stolen data on 37 million customers, including billing addresses, phone numbers, email, dates of birth and T-Mobile account numbers.

Latest breach

And to make matters much worse, T-Mobile has witnessed an embarrassing large number of breaches of its corporate systems over the last eight years.

But this latest breach is perhaps smaller than previous breaches.

In its breach notification letters sent to impacted customers on Friday 28 April 2023, T-Mobile said that this latest incident only affected 836 customers.

“In March 2023, the measures we have in place to alert us to unauthorised activity worked as designed and we were able to determine that a bad actor gained access to limited information from a small number of T-Mobile accounts between late February and March 2023,” the operator stated.

The American mobile operator said the bad actors did not gain access to call records or affected’ personal financial account info, but personally identifiable information has been exposed, which could result in identify theft issues.

The exposed information varied for each of the affected customers, but T-Mobile said it could include “full name, contact information, account number and associated phone numbers, T-Mobile account PIN, social security number, government ID, date of birth, balance due, internal codes that T-Mobile uses to service customer accounts (for example, rate plan and feature codes), and the number of lines.”

T-Mobile said that after detecting the security breach, it proactively reset account PINs for impacted customers and is offering them two years of free credit monitoring and identity theft detection services.

Very concerning

The fact that T-Mobile has experienced another breach yet again, drew a reaction from a number of cybersecurity professionals.

“This latest cyberattack against T-Mobile may be smaller than previous breaches, but it doesn’t make it less concerning,” noted Ryan McConechy, CTO of Glasgow-based cybersecurity specialist Barrier Networks.

“The fact that the attackers were able to operate on the T-Mobile network undetected for a month, stealing sensitive customer information without anyone’s knowledge is very concerning,” McConechy added.

“Given that victims were unaware their data had been compromised, they would not have been on guard for phishing scams or been monitoring their accounts for fraudulent transactions, so it is likely attackers would have been able to exploit the stolen data during this time, completely under the radar,” said McConechy.

McConechy said that in order to prevent these types of attacks, organisations must focus on cyber resilience.

“Cyber resilience means implementing tools to stop attackers penetrating networks, but also having controls and plans in place to detect and contain their activity even when they do break in,” said McConechy.

“Using strong, unique passwords, implementing MFA and Zero Trust principles, using Privileged Access Management (PAM), deploying layered security to prevent lateral movement, and training employees regularly on phishing and cybercrime are all critical controls that must be in place.”

Red flags

Meanwhile Julia O’Toole, CEO of MyCena Security Solutions that this latest attack is very worrying and she noted that “it follows a series of breaches against the business that raise red flags around the company’s cybersecurity posture.”

“It appears attackers have had access to confidential data for over a month, without victim knowledge, which will have allowed the criminals to extract data completely under the radar and commit further fraud,” said O’Toole.

“Details into how attackers accessed systems are yet to be revealed, but with nine out of ten breaches occurring through phishing scams, where criminals steal employee credentials and log in into corporate networks, this will likely have played a part,” said O’Toole.

“When it comes to defending against this threat, access segmentation and encryption management solutions provide the greatest protection,” said O’Toole. “On one hand, access encryption removes passwords control from the employees, who cannot unwittingly them give away if targeted by phishing attacks. On the other hand, access segmentation stops an attack from spreading through the network after an initial attack and morphing into ransomware.”

Previous hacks

T-Mobile has been compromised on multiple occasions in the past eight years.

In August 2021 it confirmed that had suffered “unauthorised access” to its systems after customer data appeared for sale on forum, said to be related to 80 million people obtained from T-Mobile servers.

In July 2022, T-Mobile agreed to pay $350 million to customers who filed a class action lawsuit and it agreed to spend an additional $150 million to upgrade data security.

Besides this latest breach and the August 2021 intrusion, T-Mobile has also disclosed breaches in January 2021, November 2019 and August 2018 in which customer information was accessed.

And in 2015 the personal data on 15 million T-Mobile USA customers appeared online for sale.

T-Mobile, based in Bellevue, Washington, became one of the largest mobile operators in 2020 when it finally closed its $26 billion acquisition of rival Sprint, in a deal that took years to complete.

The merger, which almost took place in 2014, was revealed in April 2018, but faced significant regulatory scrutiny over concerns it would reduce competition, and result in higher prices for consumers.

The combined entity now has more than 102 million customers, making it the third-largest wireless carrier in the United States