T-Mobile has had its systems breached in 2018, 2019, 2021 and now for the second time in 2023. The first attack was much larger affecting 37m.
T-Mobile, the mobile telecoms company that falls under German telecoms giant Deutsche Telekom AG, has disclosed a data breach.
This breach is the company’s second disclosure in 2023. In January of this year, T-Mobile investigated a data breach that impacted up to 37m customers. This was a preliminary figure based on rough estimates by the company, however.
Following the first breach, T-Mobile ascertained that its systems had been accessed by a bad actor that used API to obtain data.
The company said it was able to put a stop to the activity relatively quickly when it became aware there was unusual traffic.
This time around, the company estimates that roughly 836 customers were affected. T-Mobile sent letters to affected customers warning them of the latest breach, which occurred between February and March. The disclosure letter was spotted by Bleeping Computer.
In the letter, dated 28 April 2023, the customers were told that a bad actor accessed “limited information from a small number of T-Mobile accounts”.
This included or could include a customer’s PIN, name, contact information, social security number, government ID, date of birth and the balance due on their account.
The letter reassured customers that personal financial account information and call records were “not affected”.
The company added that its systems and policies enabled it to identify the activity, terminate it, and implement measures to protect people’s accounts. It informed customers that it had taken steps to reset their PIN and it said it would be offering two years of free credit monitoring and identity theft detection services.
“We take these issues seriously,” the letter added. “We apologise that this happened and are furthering efforts to enhance security of your information.”
The two 2023 data breaches are not the first time T-Mobile has experienced problems causing customer data to be taken.
In 2021, it said the personal data of up to 50m users was compromised in a cyberattack, while other breaches occurred in 2018 and in 2019.
10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.