T-Mobile suffered a new data breach

T-Mobile discloses a new data breach that impacted a “very small number of customers” who were victim of SIM swap attacks.

T-Mobile has suffered another security breach, threat actors gained access to the accounts of “a small number of” customers.’

According to The T-Mo Report, which viewed T-Mobile internal documents, there was “unauthorized activity” on some customer accounts. The attackers viewed customer proprietary network information (CPNI) and carried out SIM swapping attacks on a small number of customers.

“Affected customers fall into one of three categories. First, a customer may have only been affected by a leak of their CPNI.” reported The T-Mo Report. “The second category an affected customer might fall into is having their SIM swapped.” “The final category is simply both of the other two. Affected customers could have had both their private CPNI viewed as well as their SIM card swapped.”

Customer proprietary network information exposed in the attack could’ve included billing account name, phone numbers, number of lines on the account, account numbers, and rate plan info.

“We informed a very small number of customers that the SIM card assigned to a mobile number on their account may have been illegally reassigned or limited account information was viewed. Unauthorized SIM swaps are unfortunately a common industry-wide occurrence, however this issue was quickly corrected by our team, using our in-place safeguards, and we proactively took additional protective measures on their behalf.” a T-Mobile Spokesperson told BleepingComputer.

T-Mobile customers should remain vigilant on unsolicited text messages or emails pretending to be from T-Mobile.

Unfortunately, this is the last incident in order of time suffered by the company, below is the list of previous incidents:

In August 2021, a security breach impacted 54 million customers.
In February 2021, hundreds of users were hit with SIM swapping attacks.
In December 2020, T-Mobile disclosed a data breach that exposed customers’ network information (CPNI).
In March 2020, threat actors gained access to T-Mobile customers and employee personal info.
In 2019, T-Mobile disclosed data breach affecting prepaid wireless customers.
In 2018, data breach exposed personal information of up to 2 million customers.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.