Summary
Last month, T-Mobile announced that it had suffered a data breach, the second breach it has announced this year. While this breach only impacted a small number of people, a substantial amount of data was taken from those affected. Here’s the details on the latest T-Mobile breach.
Listen
Links
Transcript
Late last month, T-Mobile revealed a data breach, which is the second breach at the company this year. While this one is much smaller (affecting less than 1,000 customers) the criminals took a substantial amount of data from the few that were involved.
For Personal Tech Media, this is Two Minute Tech. I’m Jim Herman.
According to the notification T-Mobile sent to customers last month, the latest breach revealed occurred in February and March of this year. The company stated that the information stolen included name, contact information, account number, phone numbers, T-Mobile PIN, Social Security number, date of birth, account balance, and the number of lines.
The company is offering affected customers two years of credit and identity monitoring through TransUnion. It is also urging customers to remain vigilant against the threat of phishing.
According to a statement from T-Mobile made to Bleeping Computer, a malicious actor used compromised credentials to access customer accounts. T-Mobile further clarified that the criminals did not access financial data or call records. However, the company did not respond to a request for clarification on whether the compromised credentials belonged to an employee or to customers.
This is the second data breach that has occurred at T-Mobile this year. Starting last November, attackers used a vulnerable API to steal the data of 37 million customers. That attack continued for over two months until it was detected and stopped in early January.