T-Mobile's Data Breach Exposes Customer's Data and Financial Information

March 6, 2020

Mobile telecommunication company T-Mobile US, Inc. has revealed that a data breach on its systems that compromised some of its customers’ personal information.

According to an official announcement from the company, T-Mobile's cybersecurity team recently identified and shut down a malicious attack against their email vendor that led to unauthorized access to certain T-Mobile employee email accounts, some of which contained account information for T-Mobile customers and employees.

Information accessed illegally may have included names and addresses, phone numbers, account numbers, rate plans and features, and billing information. T-Mobile claims financial information (including credit card information) and Social Security number were not impacted. The company also noted that they are not aware of any evidence where the information contained in the affected email accounts has been used to commit fraud or otherwise misused.

However, T-Mobile did urge its customers to review account information and update the personal identification number (PIN/passcode) on their T-Mobile account. To prevent any further security incidents, the company claims they are "always working to enhance security" so they can stay ahead of this type of activity and protect their customers. "We also are reviewing our security policies and procedures to enhance how we protect these systems," says the announcement.

It is not known how many customers were affected by the data breach. However, it's important to consider that T-Mobile services 86.0 million customers in total, according to its Q4 2019 data. In addition, this is not T-Mobile's first security incident. In 2019, T-Mobile suffered a data breach that affected its pre-paid customers. And in 2018, T-Mobile customers were also affected by a data breach that compromised customer names, billing ZIP codes, phone numbers, email addresses, account numbers, and account types (prepaid or postpaid).

Tim Wade, Technical Director, CTO Team at Vectra, that “While the full details of this attack haven’t yet come to light, the fact that employee email accounts were maliciously accessed is a good reminder that the unauthorized use of valid credentials is among the most popular tools in an adversary’s arsenal – multifactor authentication (MFA) is a strong deterrent for credential based attacks, and issuance of MFA should be considered table stakes for organizations that consume SaaS services with public portals.”

Jack Mannino, CEO at nVisium, says that “Determined attackers will target an organization’s partners, service providers and supply chain to compromise assets. As we build threat models for our organizations, we also need to build similar risk scenarios for the ecosystem of business partners to account for the expanded and multifaceted threat landscape that can affect our organization.”

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.