T-Mobile USA has begun notifying customers affected by another breach at the company, which may have resulted in a significant volume of personal and account data being compromised.
The telecom giant said in a breach notification letter that its own systems flagged the unauthorized intrusion in March. A malicious actor gained access to hundreds of customer accounts between late February and March 2023.
Although no financial information or call log data was taken, those affected will need to pay close attention to subsequent fraud attempts.
“The information obtained for each customer varied, but may have included full name, contact information, account number and associated phone numbers, T-Mobile account PIN, social security number, government identification, date of birth , outstanding balance, internal codes that T -Mobiles use on customer accounts (eg rate plan and feature codes) and number of lines,” the letter explained.
Learn more about T-Mobile’s security threats: T-Mobile: 49 million customers affected by data breach.
T-Mobile said it has already reset affected customers’ T-Mobile account PINs and is offering two years of free credit monitoring and identity theft detection services.
“We also urge you to remain vigilant by monitoring account activity and free credit reports, and reviewing your security options on your email, financial and other accounts,” T-Mobile warned.
“We encourage customers to use the features that T-Mobile offers, such as account takeover protection, number porting PINs, two-step verification, free scam protection with Scam Shield, SIM protection, a security dashboard and more.”
The news, which affected just over 800 customers, comes just months after the carrier disclosed a massive breach affecting around 37 million consumers.
This incident, which occurred after threat actors targeted an exposed API, went undiscovered for about a month and a half.
The US carrier has suffered multiple breaches over the years, including one disclosed in August 2021 that affected nearly 49 million customers.
Editorial Image Credit: Sulastri Sulastri / Shutterstock.com
Ikaroa, a full stack tech company, is reporting on the news that T-Mobile has suffered its second major data breach of the year. The breach was discovered in early August by security researchers at the UK-based firm Cyble, and affected over 2 million users. The breach resulted in unauthorized access to a number of user accounts, allowing threat actors to access personal information, including phone numbers, email addresses, and passwords.
This news comes only four months after T-Mobile suffered its first breach of the year, in April. At the time, the breach exposed the personal data of about two million customers, including email addresses and passwords. The cyberattack did not reveal any payment information, as it was not stored in the same system as the customer data.
T-Mobile has responded to the attack by notifying users directly via email and SMS about the possible data breach. The company has also advised all customers to change their passwords and take additional security measures to protect their accounts.
Ikaroa commends T-Mobile’s commitment to customer safety and data security. In the wake of these attacks, we urge all users to take extra precautions in safeguarding their personal information and to report suspected data breaches immediately. Companies like T-Mobile and Ikaroa are dedicated to keeping their customers safe, and it is everyone’s responsibility to help protect their data.