Since 2018, T-Mobile has experienced numerous data breaches, including a significant incident in early 2021 and then another incident in early 2022. T-Mobile promised to double its investment in its information security program after the event in 2021, which includes establishing a Cybersecurity Transformation Office.
Seemingly unable to catch a break, T-Mobile has announced yet another data breach that affects millions of its customers. Proving that the company is having the worst experience with cybersecurity.
T-Mobile disclosed in a press release on Thursday that a malicious party had accessed its systems using an API. Within 24 hours of discovering the unauthorized access, the carrier was able to stop it and, with the aid of cybersecurity professionals, identify the source.
After a comprehensive investigation, they found that a bad actor utilized a specific application program interface (API) to get a limited amount of information about the affected customers’ accounts. They are now in the process of notifying the affected customers of this discovery.
Customers’ accounts and funds shouldn’t be immediately in danger from this incident because the systems and rules prohibit access to the most private forms of consumer information. Furthermore, there is no evidence that the malicious party breached or infiltrated T-Network Mobile’s or systems.
T-Mobile calculates that about 37 million bill pay and prepay customers were impacted by the breach. However, the carrier claims that access to more private subscriber data, like social security numbers, driving licenses, financial information, and PINs or passwords, was blocked by its systems. Because of this, the malicious party was only able to access a restricted collection of customer account data, which included the account holder’s name, billing address, phone number, email, birth date, and the total number of lines on the account.
T-Mobile apologizes that this occurrence happened and recognizes the impact it has on their customers. Unfortunately, it doesn’t really matter if you’re a mobile phone service provider or a tech website. None of us are immune to this sort of cybercrime. It is just an unfortunate reality of having an online business. To T-mobiles credit, they still remain committed to making significant, long-term investments in enhancing their cybersecurity program despite all the setbacks.