T-Mobile's Data Breach Exposes Customer's Data and Financial Information

March 6, 2020

Mobile telecommunication company T-Mobile US, Inc. has revealed that a data breach on its systems that compromised some of its customers’ personal information.

According to an official announcement from the company, T-Mobile's cybersecurity team recently identified and shut down a malicious attack against their email vendor that led to unauthorized access to certain T-Mobile employee email accounts, some of which contained account information for T-Mobile customers and employees.

Information accessed illegally may have included names and addresses, phone numbers, account numbers, rate plans and features, and billing information. T-Mobile claims financial information (including credit card information) and Social Security number were not impacted. The company also noted that they are not aware of any evidence where the information contained in the affected email accounts has been used to commit fraud or otherwise misused.

However, T-Mobile did urge its customers to review account information and update the personal identification number (PIN/passcode) on their T-Mobile account. To prevent any further security incidents, the company claims they are "always working to enhance security" so they can stay ahead of this type of activity and protect their customers. "We also are reviewing our security policies and procedures to enhance how we protect these systems," says the announcement.

It is not known how many customers were affected by the data breach. However, it's important to consider that T-Mobile services 86.0 million customers in total, according to its Q4 2019 data. In addition, this is not T-Mobile's first security incident. In 2019, T-Mobile suffered a data breach that affected its pre-paid customers. And in 2018, T-Mobile customers were also affected by a data breach that compromised customer names, billing ZIP codes, phone numbers, email addresses, account numbers, and account types (prepaid or postpaid).

Tim Wade, Technical Director, CTO Team at Vectra, that “While the full details of this attack haven’t yet come to light, the fact that employee email accounts were maliciously accessed is a good reminder that the unauthorized use of valid credentials is among the most popular tools in an adversary’s arsenal – multifactor authentication (MFA) is a strong deterrent for credential based attacks, and issuance of MFA should be considered table stakes for organizations that consume SaaS services with public portals.”

Jack Mannino, CEO at nVisium, says that “Determined attackers will target an organization’s partners, service providers and supply chain to compromise assets. As we build threat models for our organizations, we also need to build similar risk scenarios for the ecosystem of business partners to account for the expanded and multifaceted threat landscape that can affect our organization.”

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

Organized Retail Crime (ORC) is a serious problem that has been on the rise for several years. The unprecedented event of the current pandemic will rival or even exceed any previous events. If COVID-19 by itself wasn't bad enough, add civil disturbance, bail reform, and the state of law enforcement, and you have a perfect storm.

Security Magazine

2020 August

This month in Security magazine, we examine how physical security leaders are being propelled into a unique position of revenue preservers and risk managers for their businesses. In addition, we profile Scott Ashworth, Director of Security for Atlanta United. Also, security leaders discuss how to develop cybersecurity careers, election security, data protection strategies, measuring and reporting security operations maturity and more!

View More Create Account

T-Mobile's Data Breach Exposes Customer's Data and Financial Information

Related Articles

Related Events

Report Abusive Comment