HQ/EMEAFind out how we can help your business
Multinational telecommunication company, T-Mobile, disclosed the second data breach incident within their infrastructure this year. The hackers have accessed the personal data of its customers for more than a month, starting the last week of February 2023.
The latest breach has only impacted more than 800 individuals, significantly less than the first incident. However, the data breach could still pose massive threats as the affected users could experience identity theft and targeted phishing attacks.
The telecommunication company stated that an unauthorised activity emerged in their system, enabling a threat actor to access a limited amount of information from a few T-Mobile accounts between the last week of February to March 2023.
T-Mobile claimed that the actors did not acquire financial account details during the breach.
According to investigations, T-Mobile confirmed that the infiltrators did not obtain access to the customers’ call records or financial account information. Still, the exposed PII during the campaign is substantial for the actors to execute identity theft attacks.
The information included in the exposed PII could be full names, date of birth, contact information, T-Mobile account PIN, government ID, account number and associated phone numbers, balance due, internal codes that T-Mobile uses to service customer accounts, number of lines, and social security numbers.
After detecting the security breach, the company immediately reset the impacted customers’ account PINs. In addition, they offered the affected individuals a two-year free credit monitoring and identity theft detection services.
This data breach is the second incident this giant United States-based company revealed this year. The previous attackers in the first incident last January have stolen the personal information of 37 million customers.
The attackers exploited a flawed Application Programming Interface in November 2022, which led to its discovery earlier this year. Experts claimed that the attack could breed more subsequent campaigns targeting the users.
Potentially affected users should be vigilant regarding unwanted emails or communication from unknown sources, as threat actors could already use the stolen information to execute malicious activities.
