T-Mobile data breach 2023 title made the headlines again. T-Mobile has been suffering from data breaches since 2018, and this time 37 million accounts were affected. T-Mobile revealed the hack on Thursday, saying that the unauthorized API access by the attacker dates back to November 25, 2022. One of its Application Programming Interfaces was compromised, allowing the attack to take place (APIs). Application programming interfaces (APIs) facilitate interaction between programs and computers.
In the T-Mobile data breach that occurred on August 16th, 2021, the personal information of about 77 million customers was compromised and settled after that. $350 million T-Mobile Data Breach Settlement represents US history’s second-largest payment for a data breach, and the company could make a list again with a new big deal.
T-Mobile data breach 2023: Could the breach result in a new multi-million dollar lawsuit?
T-Mobile said Thursday that the data breach occurred on November 25, 2022, and that the attacker had been using the vulnerable API since then. On January 6, 2023, the company promptly terminated the criminal’s access to the API after discovering the breach. Information such as “name, billing address, email, phone number, date of birth, T-Mobile account number, and information such as the number of lines on the account and plan features” was stolen.
At least for the time being, it appears that this particular type of sensitive client data was not compromised in today’s data breach.
“No passwords, payment card information, social security numbers, government ID numbers or other financial account information were compromised. Some basic customer information (nearly all of which is the type widely available in marketing databases or directories) was obtained, including name, billing address, email, phone number, date of birth, account number, and information such as the number of lines on the account and service plan features.”
T-Mobile said in a separate statement that the information taken in this hack was “basic customer information.” The company has informed the various US government agencies and is assisting them with their investigation. T-Mobile is notifying consumers whose data may have been compromised due to the hack.
“We are currently in the process of informing impacted customers that after a thorough investigation we have determined that a bad actor used a single Application Programming Interface (or API) to obtain limited types of information on their accounts.
As soon as our teams identified the issue, we shut it down within 24 hours. Our systems and policies prevented the most sensitive types of customer information from being accessed, and as a result, customer accounts and finances should not be put at risk directly by this event. There is also no evidence that the bad actor breached or compromised T-Mobile’s network or systems.”
-T-Mobile
At the end of the day, this data leak doesn’t appear to be nearly as serious as prior breaches that have affected T-Mobile. However, the fact that security issues persist within the organization is cause for alarm and company stock dropped 2% in the extended trading session.
“We understand that an incident like this has an impact on our customers and regret that this occurred. While we, like any other company, are unfortunately not immune to this type of criminal activity, we plan to continue to make substantial, multi-year investments in strengthening our cybersecurity program.”
T-Mobile data breach history: Do you know a better love story than T-Mobile and data breaches?
Since 2018, T-Mobile has reported eight separate data breaches. Although this is T-first Mobile’s known breach in 2023, the company has suffered seven others since 2018, including one in which almost 3% of all user data was compromised.
T-Mobile leaked prepaid customers’ data in 2019, and in 2020, unknown threat actors broke into employee email accounts.
In addition, in February 2021, attackers acquired unauthorized access to an internal T-Mobile application, and in December 2020, they gained access to confidential customer network information (phone numbers, call logs).
In August of 2021, hackers broke into T-network Mobile’s using a vulnerability in the company’s staging areas. T-Mobile failed to stop the leak of the stolen data even after paying the hackers $270,000 through a middleman company. In addition, the company admitted in April 2022 that the Lapsus$ extortion group had broken into its network by using stolen credentials.
Maybe T-Mobile should have added more security to its new year goals.
this year: new year: pic.twitter.com/aiEkc33rMh
— T-Mobile (@TMobile) December 30, 2022
Data breaches and hacks are today’s biggest problems. Check out the latest data breaches and hacks before we continue: Twitter data breach, CHI Health data breach, Facebook data breach, Uber security data breach, American Airlines data breach, Medibank cyber attack, and Binance hack.
Previous T-Mobile hack compensation
The cybersecurity vulnerability was first disclosed by T-Mobile and was made public on August 16, 2021. According to reports, almost 77 million consumers’ personally identifiable information was stolen due to the T-Mobile data breach. This contained database data such as addresses, dates of birth, social security numbers, driver’s license numbers, unique IMEIs and identification codes for client phones, etc.
If granted, the $350 million T-Mobile deal will represent US history’s second-largest payment for a data breach.
Take a closer look at how data breaches effects companies: T-Mobile Data Breach Settlement
Other outcomes of data breaches: Equifax
The credit reporting firm Equifax acknowledged on September 7, 2017, that one of its computer networks had had a data leak that had exposed the personal information of 143 million clients, which eventually rose to 147 million. These records included information about the customers’ names, residences, dates of birth, Social Security numbers, and credit card numbers, all of which may be exploited for fraud and identity theft.
Equifax agreed to establish a fund to provide customers with free credit monitoring, identity theft protection, and cash compensation of up to $20,000 per to people harmed by the event, per the deal’s conditions. Additionally, the company must pay court fees and government fines.
Take a closer look at how data breaches effects companies: Equifax Data breach settlement
Do you know that Medibank class action investigations also started? It’s important to keep in mind that there’s a significant cost attached to any data leak that businesses must eventually pay.
Dataconomy Wrapped 2022: The answers to your burning questions