A hacker exploited a vulnerability in an API enabling them to access personally identifiable information of 37 million T-Mobile customers. The issue was discovered and quickly contained in early January, but had been exploited since late November 2022, with customer email addresses, phone numbers, billing addresses and more information compromised over this time.
While passwords and payment information were spared, the combination of email addresses, names, phone numbers, dates of birth and billing addresses provide fraudsters with plenty of ammunition for targeted phishing and SMiShing attacks. T-Mobile customers, of which there are 110 million in the US, should be weary of emails and text messages claiming to be from their carrier in the wake of this data breach.
The Wall Street Journal reported that the Federal Communications Commission (FCC) has opened an investigation into the mobile carrier following their history of data breaches. This most recent breach is the eighth since 2018. The company payed $350 million to settle a class action lawsuit and committed $150 million to beefing up data security practices in response to a 2021 breach impacting over 76 million customers and compromising Social Security numbers.
For more information: