In a financial filing on Thursday, T-Mobile revealed that a hacker accessed a trove of personal data belonging to 37 million customers.
The telecom giant said that the “bad actor” started stealing the data, which includes “name, billing address, email, phone number, date of birth, T-Mobile account number and information such as the number of lines on the account and plan features,” since November 25.
In the SEC filing, T-Mobile said it detected the breach more than a month later, on January 5, and that within a day it had fixed the problem that the hacker was exploiting.
The hackers, according to T-Mobile, didn’t breach any company system but rather abused an application programming interface, or API.
“Our investigation is still ongoing, but the malicious activity appears to be fully contained at this time, and there is currently no evidence that the bad actor was able to breach or compromise our systems or our network,” the company wrote.
This is the eighth time T-Mobile was hacked since 2018. The most recent incident was in 2022, when a group of hackers known as Lapsus$ were able to gain access to the company’s internal tools, which gave them the chance to carry out so-called SIM swaps, a type of hack where hackers take over a victim’s phone number and then try to leverage that to reset and access the target’s sensitive accounts such as email or cryptocurrency wallets.
T-Mobile has 110 million U.S. customers. A spokesperson for T-Mobile did not respond to a request for comment.
https://techcrunch.com/
Pour one out for Windows 7, the decade-old operating system that today reached the end of the security line. Some three years after Microsoft called time on mainstream support of Windows 7, the technology giant will no longer provide security updates, leaving the remaining users the option to upgrade to a newer operating system or […]
The hackers who reportedly hit more than 130 organizations last year and stole the credentials of almost 10,000 employees are still targeting several tech and video game companies, according to a report obtained by TechCrunch. The report, prepared by cybersecurity firm CrowdStrike, calls the hackers “Scattered Spider.” In a previous publicly available report, the company said […]
Australian software giant Atlassian and Envoy, a startup that provides workplace management services, were at loggerheads on Thursday over a data breach that exposed the data of thousands of Atlassian employees. As first reported by Cyberscoop, a hacking group known as SiegedSec leaked data on Telegram this week that it claimed to have stolen from Atlassian. This […]
Leave a Reply