T-Mobile Data Breach, The Second In 2023

By Adeola Adegunwa
Writer, Informationsecuritybuzz | May 02, 2023 12:25 am PST

T-Mobile US Inc. has disclosed another data breach, its second disclosed breach in 2023, although this one affected only 1,000 customers as opposed to the 37 million affected by the previous one. This is the company's eighth data breach since 2018.

The most recent data breach, which was found in March, impacted 836 customers. In a letter to affected customers dated April 28, T-Mobile classified the breach as unlawful conduct in which a bad actor had access to information from a small number of consumers between late February and early March. The letter was discovered today by Bleeping Computer.

The information obtained includes complete names, contact details, account numbers and associated phone numbers, T-Mobile account PINs, Social Security numbers, government-issued IDs, dates of birth, balance due, and internal codes used by T-Mobile to service client accounts. No call records or financial account information were impacted.

T-Mobile has reset the PINs of impacted customers, who are also being given an additional two years of free credit monitoring and identity theft services. The letter makes no mention of T-Mobile contacting law enforcement or employing a third-party forensics company, which is often the case in similar situations. Nevertheless, the corporation undoubtedly already has a third-party firm on hand, and the most recent breach may simply have been added to earlier investigations.

T-Mobile mentions twice in the letter that it takes these problems seriously, but considering the company’s history of being hacked, this is a highly speculative statement. To its credit, the business continues to remain ahead of malicious actors; we must continue to improve our measures to prevent unwanted access like this.

It’s the latest in a string of data breaches at T-Mobile. In the breach that was previously revealed in January, 37 million customer records, including personally identifiable information, were stolen. The theft began on or around November 25 and wasn’t discovered until January 5.

Previous T-Mobile hacks include the theft of 48 million records in August 2021 and the theft of 2 million customer records in August 2018. Prepaid customer data was stolen in November 2019, and employee and customer data was stolen in March 2021. In April 2022, Lapsus$ also gained access to T-Mobile’s internal systems.

As a result of the breach in August 2021, T-Mobile agreed in July to pay $500 million to resolve a class action lawsuit. The agreement stipulated that $150 million would be used to improve data security while $350 million would go toward a settlement fund.

According to Dror Liwer, co-founder of the cybersecurity firm Coro Security Ltd., “this incident highlights the need for smart automation when it comes to containment and remediation of data breaches.” “T-Mobile put safeguards in place to warn them of unauthorized activity, but the attacker had access to the information for a month,” said the company. That period of time would have been significantly shorter if automation had been used.


T-Mobile US Inc. reported its eighth data breach since 2018, affecting fewer than 1,000 users instead of 37 million in the latest hack. The March breach affected 836 customers. T-Mobile’s April 28 letter to affected customers defined the breach as a bad actor obtaining access to a small number of consumers’ data between late February and March. Full names, contact information, account numbers and associated phone numbers, T-Mobile account PINs, Social Security numbers, government IDs, dates of birth, balance due, and internal codes used by T-Mobile to service client accounts were stolen. Call and financial data were unaffected.

T-Mobile reset users’ PINs and provided two years of free credit monitoring and identity theft services. The letter does not mention T-Mobile contacting law enforcement or hiring a third-party forensics firm, which is customary in these cases. However, the business likely already has one and may have added the recent breach to earlier investigations.

T-Mobile asserts twice in its letter that it takes these issues seriously, but given its history of hacks, that’s subjective. This is yet another T-Mobile data breach. The previous hack of 37 million customer records, including personally identifying information, began on Nov. 25 and was discovered on Jan. 5. T-Mobile was hacked in August 2018, November 2019, March 2021, and August 2021. In April 2022, Lapsus$ breached T-Mobile.

2 Expert Comments
Julia O’Toole, Founder and CEO
Industry Leader
May 4, 2023 8:14 pm

“This is a very worrying attack that hit T-Mobile and it follows a series of breaches against the business that raise red flags around the company’s cybersecurity posture.

It appears attackers have had access to confidential data for over a month, without victim knowledge, which will have allowed the criminals to extract data completely under the radar and commit further fraud.

Details of how attackers accessed systems are yet to be revealed, but with nine out of ten breaches occurring through phishing scams, where criminals steal employee credentials and log into corporate networks, this will likely have played a part.

When it comes to defending against this threat, access segmentation and encryption management solutions provide the greatest protection. On one hand, access encryption removes password control from the employees, who cannot unwittingly give them away if targeted by phishing attacks. On the other hand, access segmentation stops an attack from spreading through the network after an initial attack and morphing into ransomware.”

Ryan McConechy, Principal Consultant
InfoSec Expert
May 4, 2023 8:12 pm

“This latest cyberattack against T-Mobile may be smaller than previous breaches, but it doesn’t make it less concerning.
The fact that the attackers were able to operate on the T-Mobile network undetected for a month, stealing sensitive customer information without anyone’s knowledge, is very concerning. Given that victims were unaware their data had been compromised, they would not have been on guard for phishing scams or been monitoring their accounts for fraudulent transactions, so it is likely attackers would have been able to exploit the stolen data during this time, completely under the radar.
To prevent these types of attacks, organisations must focus on cyber resilience.
Cyber resilience means implementing tools to stop attackers penetrating networks, but also having controls and plans in place to detect and contain their activity even when they do break in. Using strong, unique passwords, implementing MFA and Zero Trust principles, using Privileged Access Management (PAM), deploying layered security to prevent lateral movement, and training employees regularly on phishing and cybercrime are all critical controls that must be in place.”
