Reliving November 2019, August 2021 and April 2022, opps we did it again and again. We got hacked. We feel the best of intentions, but wonder when T-mobile can stop the breaches. The newest breach saw a “bad actor” obtaining “limited types of information” from user accounts. T-Mobile shut down this bad actor’s access to the data within 24 hours, and that system fallbacks in place “prevented the most sensitive types of customer information from being accessed.”
In August of 2021 was their biggest breach and impacted over 50 million people. In that data breach, personal data, including social security numbers, was accessed by the hacker.
T-Mobile states: “We are currently in the process of informing impacted customers that after a thorough investigation we have determined that a bad actor used a single Application Programming Interface (or API) to obtain limited types of information on their accounts.”
“As soon as our teams identified the issue, we shut it down within 24 hours. Our systems and policies prevented the most sensitive types of customer information from being accessed, and as a result, customer accounts and finances should not be put at risk directly by this event. There is also no evidence that the bad actor breached or compromised T-Mobile’s network or systems”
For now they announced the data breach didn’t include that type of sensitive customer data. T-Mobile stated that “no information was obtained for impacted customers that would compromise the safety of customer accounts or finances.” They mentioned the the “Bad Actor” only got some “basic customer information” that is available elsewhere.
No passwords, payment card information, social security numbers, government ID numbers or other financial account information were compromised. Some basic customer information (nearly all of which is the type widely available in marketing databases or directories) was obtained, including name, billing address, email, phone number, date of birth, account number, and information such as the number of lines on the account and service plan features.
Though this breach was not as bad as the others , there is still areas T-Mobile need to gain over their networks. Many see the statement “already known marketed info” shows they still dont take security seriously. To many people, their names and addresses being released really creates a lack of security and adds a felling of helplessness.