T-Mobile Reports Second Data Breach of 2023
T-Mobile disclosed a cybersecurity breach on Monday, marking its second of the year and 9th since 2018. From February 24th to March 30th, the breach exposed sensitive customer data. As per a notification on the Maine Attorney General's website, a total of 836 customers were affected by this incident.
Although previous data breaches targeting T-Mobile have impacted many more people, such as the breach reported earlier this year that affected 37 million customers, the recent incident is no less concerning. Despite only 836 customers being affected, a significant amount of personal information was exposed, leaving these individuals vulnerable to identity theft and phishing attacks.
"In March 2023, the measures we have in place to alert us to unauthorized activity worked as designed. We were able to determine that a bad actor gained access to limited information from a small number of T-Mobile accounts between late February and March 2023," stated T-Mobile in data breach notification letters sent to those affected. The company has not disclosed the method used by the hacker to access T-Mobile's systems.
Although the exact data exposed in the breach varied for each customer, T-Mobile stated that it could include “full name, contact information, account number and associated phone numbers, T-Mobile accounts PIN, social security number, government ID, date of birth, balance due, internal codes that T-Mobile uses to service customer accounts (for example, rate plan and feature codes), and the number of lines."
T-Mobile clarified that the breach did not result in unauthorized access to personal financial information or call records. However, the personally identifiable information that was exposed could still be sufficient for identity theft.
To mitigate the breach's impact, T-Mobile has proactively reset the account PINs of affected customers. These PINs are used by customers to verify their identity when making account changes. They are also offering two years of free credit monitoring and identity theft protection services (provided by myTrueIdentity) to all impacted individuals.
T-Mobile's recent disclosure of a data breach marks the ninth incident the company has reported since 2018 — this year alone, T-Mobile has already experienced two breaches. This indicates a concerning pattern of security vulnerabilities.