T-Mobile has informed its millions of customers that an attacker exploited a vulnerability in an API to acquire personal information.
While acknowledging that some “basic customer information (almost all of which is the kind publicly accessible in marketing databases or directories)” was accessed, T-Mobile sought to downplay the event in a warning posted on the company’s website.
Names, addresses, email addresses, phone numbers, birth dates, and account numbers are all included in the data, making it vulnerable to identity theft, phishing, and other forms of social engineering.
There are millions of people who have been affected
The business assured customers that their personal information, including passwords, credit card details, Social Security numbers, government ID numbers, and bank account numbers, was secure. It said that it has found no indication of a compromise in its networks or systems after conducting an examination.
The alert does not specify how many individuals were impacted or what kind of accounts were hacked, but 37 million consumers overall had their data accessed, including both prepaid and postpaid subscribers.
Between November 25th, 2022 and January 5th, 2023, the assault was happening. On January 6th, T-Mobile terminated the access of the threat actors.
According to reports, the corporation has informed U.S. law enforcement and government authorities about the assault, and an investigation is now underway. T-Mobile also said that it has begun informing consumers whose information may have been exposed.
The history of data breaches at the German telecom giant is not good. At least three accidents are expected to occur in 2020, and the corporation has already had two in 2018 and one in 2019. The corporation paid hundreds of thousands of dollars in 2021 to prevent a leak of critical information that eventually occurred, and the company admitted it was extorted by the Lapsus$ gang the following year, in 2022.
Subtly charming pop culture geek. Amateur analyst. Freelance tv buff. Coffee lover