T-Mobile claims it discovered that threat actors had gained limited access to information from a few accounts. This is the year’s second instance of a data leak.
Hackers had had hundreds of customers’ personal information for over a month, beginning in late February 2023.
“In March 2023, the measures we have in place to alert us to unauthorized activity worked as designed and we were able to determine that a bad actor gained access to limited information from a small number of T-Mobile accounts between late February and March 2023,” in data breach notification letters issued to affected people, the company made this statement.
In contrast to T-Mobile’s past data breaches, the most recent of which affected 37 million users, reports say this incident only affected 836 customers.
What Details Were Involved?
The exposed personally identifiable information comprises more than enough information for identity theft, according to T-Mobile. However, the threat actors did not obtain access to call logs or the affected people’s personal financial account information.
For each of the affected customers, the exposed information differed, but it could have included the following details;
- Full name,
- Contact information,
- Account number and
- Associated phone numbers,
- T-Mobile account PIN,
- Social security number,
- Government ID,
- Date of birth,
- Balance due,
T-Mobile uses internal codes to service customer accounts (for example, rate plan and feature codes) and the number of lines.
T-Mobile following the discovery of the security breach, the company proactively reset account PINs for impacted customers and is now providing them with two years of free credit monitoring and identity theft detection services through Transunion myTrueIdentity.
“To protect your account, we proactively reset your T-Mobile Account Pin,” T-Mobile said.
The firm recommends reviewing your account details and changing your PIN to something new. You can do so by visiting T-Mobile.com, calling Customer Service at 1-800-937-8997, or dial 611.
The company also encourages you to stay watchful by checking account activity and free credit reports and reviewing your security settings on email, financial, and other accounts.
They urge consumers to use T-Mobile tools such as Account Takeover prevention, number transfer PINs, two-step verification, free fraud prevention with Scam Shield, SIM protection, a security dashboard, etc.
T-Mobile has announced the second such incident since the beginning of the year. The last data breach was published on January 19, when attackers obtained the personal information of 37 million users in November 2022 by leveraging a vulnerable Application Programming Interface (API).
Notably, T-Mobile identified the data stolen in the January hack as “basic customer information,” which included “name, billing address, email, phone number, date of birth, T-Mobile account number, and information such as the number of lines on the account and plan features.”
Building Your Malware Defense Strategy – Download Free E-Book