Published: February 04, 2023 on our newsletter Security Fraud News & Alerts Newsletter.
On January 19, 2023, T-Mobile released an official statement that clearly identified a security breach that affected millions of consumers. The breach appears to have been ongoing, starting on November 25, 2022 and continuing right up to January, as reported in the company’s SEC filing. It was discovered that more than 37 million current T-Mobile customers had their data stolen or otherwise compromised.
According to the statement issued by the wireless network operator, the so-called "bad actor" responsible for stealing this set of data was able to gain access to names, billing addresses, phone numbers, email addresses, T-Mobile account numbers, and date of birth records. In case you are asking if that is considered personally identifying information (PII), the answer is most definitely. And as bad as that is, apparently, the theft didn't stop there. Many members also had their account plan features and the number of lines they use revealed. While the individual pieces may not seem so valuable on their own, when it’s all put together, it’s a nice short bio on 37 million people. All of that information can be used to carry out targeted phishing attempts.
You see, with specifics like this included in an email, you are more likely to trust the sender. That means you are also more likely to open attachments or click links that may be included. Don’t forget, these phishing attempts can also arrive as voice calls (vishing) or by text (smishing).
T-Mobile alleges that this data breach wasn't carried out through its company system; instead, the data was obtained through an abused application programming interface, or API. APIs are used to integrate new applications with software that already exists, and they are used a lot these days. But there is no need to understand the technicalities of this to grasp that there was a breach of information.
T-Mobile further elaborated that this breach is currently still being investigated and no evidence supports that the T-Mobile network or systems themselves were compromised.
Since 2018, T-Mobile has experienced a succession of no fewer than 8 security breaches; one in 2022 being the most recent. In that one, Lapsus$, a group of well-known hackers, was responsible for SIM swap fraud attacks, which were carried out using the company's internal tools. SIM swap fraud happens when a hacker is successful at convincing the carrier that a SIM they have needs to be activated with another person’s phone number. That gives the attackers control over the stolen number.
Regardless of all of these items, if you are a T-Mobile customer, keep your ears and eyes open for targeted phishing using any of the PII stolen in this event. If ever you have a doubt about an email, voice call, or text, take a few moments to independently verify the sender before taking action. In other words, use your own contact details to reach the sender rather than using ones they send you.
T-Mobile has stated that it fixed the issue the hacker(s) were exploiting immediately after discovering it was happening.