In a financial filing on Thursday, T-Mobile revealed that a hacker accessed a trove of personal data belonging to 37 million customers.
The telecom giant said that the “bad actor” started stealing the data, which includes “name, billing address, email, phone number, date of birth, T-Mobile account number and information such as the number of lines on the account and plan features,” since November 25.
In the SEC filing, T-Mobile said it detected the breach more than a month later, on January 5, and that within a day it had fixed the problem that the hacker was exploiting.
The hackers, according to T-Mobile, didn’t breach any company system but rather abused an application programming interface, or API.
“Our investigation is still ongoing, but the malicious activity appears to be fully contained at this time, and there is currently no evidence that the bad actor was able to breach or compromise our systems or our network,” the company wrote.
This is the eighth time T-Mobile was hacked since 2018. The most recent incident was in 2022, when a group of hackers known as Lapsus$ were able to gain access to the company’s internal tools, which gave them the chance to carry out so-called SIM swaps, a type of hack where hackers take over a victim’s phone number and then try to leverage that to reset and access the target’s sensitive accounts such as email or cryptocurrency wallets.
T-Mobile has 110 million U.S. customers. A spokesperson for T-Mobile did not respond to a request for comment.
https://techcrunch.com/
U.S. nonprofit healthcare giant Maternal & Family Health Services has confirmed hackers accessed sensitive patient, financial and medical information months earlier. In an advisory published on its website on Thursday, MFHS said a “sophisticated ransomware incident” exposed the sensitive information of current and former patients, employees and vendors. This information included names, addresses, dates of birth, Social Security numbers, […]
LastPass’ parent company GoTo — formerly LogMeIn — has confirmed that cybercriminals stole customers’ encrypted backups during a recent breach of its systems. The breach was first confirmed by LastPass on November 30. At the time, LastPass chief executive Karim Toubba said an “unauthorized party” had gained access to some customers’ information stored in a third-party cloud service shared […]
CircleCI, a company whose development products are popular with software engineers, has urged users to rotate their secrets following a breach of the company’s systems. The San Francisco–headquartered DevOps company said in an advisory published late Wednesday that it is currently investigating the security incident — its most recent in recent years. “We wanted to make you […]
Leave a Reply