T-Mobile, a leading mobile service carrier in the United States, headquartered in Bellevue, Washington, completed the acquisition of rival company Sprint in 2020, solidifying its position in the industry with over 120 million customers.
However, according to newly released data, the company has been hacked 100 times by three different cybercriminal groups since 2022.
In a report submitted to the Securities and Exchange Commission, T-Mobile disclosed that a malicious party gained unauthorized access to data through an application programming interface (API) sometime after November 25 2023. The API breach did not expose sensitive information such as driver's license numbers, government IDs, social security numbers, passwords/PINs, payment card details, or financial account information of affected customers. T-Mobile promptly notified the impacted customers about the breach, informing them that their personal information, including names, dates of birth, addresses, and contact details, had been compromised.
The primary objective of the attackers was to infiltrate T-Mobile's internal systems and tools, enabling them to intercept and redirect text messages and phone calls of T-Mobile users to alternative devices. The attackers aimed to monetize the stolen user data by offering it as a cybercrime service.
T-Mobile confirmed that they have collaborated with law enforcement agencies and federal authorities in their investigation of the breach. While they have stated that the attack has been contained, a comprehensive investigation is still ongoing.
Neil Mack, a senior analyst at Moody's Investors Service, expressed concerns about T-Mobile's cyber governance and highlighted that such security breaches may negatively impact consumer trust and draw scrutiny from regulatory bodies like the Federal Communications Commission (FCC). He added "While these cybersecurity breaches may not be systemic in nature, their frequency of occurrence at T-Mobile is an alarming outlier relative to telecom peers." This incident marks T-Mobile's first data breach in the current year, but the company has previously experienced seven other breaches, including one that affected approximately 3% of all T-Mobile customers. These breaches have raised questions about the company's cybersecurity practices.
In 2019, T-Mobile failed to prevent prepaid users' data from going public. Unknown threat actors gained access to the email accounts of T-Mobile employees in March 2020. In 2021, T-Mobile experienced a comparable event. The theft of 80 million US citizens' social security numbers and driver's licenses was made public in August 2021. The customers received a 350-million-dollar settlement.
Finally, the corporation revealed in April 2022 that the Lapsus$ extortion group had hacked its network using stolen credentials. This gang acquires possession of the company's internal tools and then performs SIM swaps, a sort of attack that grants illegal access.
According to Bloomberg, the Lapsus$ group, responsible for the T-Mobile hack, also managed to obtain personal data of customers using SAMSUNG's Galaxy devices. Samsung declared that the South Korean electronics giant had been hacked, revealing confidential business data and Galaxy device source code.
A data compromise affecting CASH APP users occurred at the start of the same year. Nevertheless, this cyber security violation was carried out by a former Cash App employee. Although no account usernames, passwords, or personal identity information were taken, stock trade information, customer names, account numbers, and portfolio data were publicly revealed.
T-Mobile stated at the time that it would spend $150 million through 2023 to strengthen its data security and other technologies. While T-Mobile did not disclose specifics regarding the modifications, they want to make to their security processes, they stated that they have enhanced multi-factor authentication and restricted application access to prevent future security breaches.
“For T-Mobile customers, this breach means only one thing: Consumers need to be extremely vigilant over the coming days and weeks,” Kaspersky’s David Emm said.
Such malicious software assaults are not simply a concern for T-Mobile. Companies are working furiously to mitigate thousands of invasions, but it might be difficult to avoid every single one. In such instances, we must take aware precautions ourselves. Using secure passwords is one of the easiest yet most effective strategies to lessen the likelihood of getting hacked. Reusing the same password for different platforms greatly raises the likelihood of your password being hacked and falling into the hands of cybercriminals. This puts your accounts and personal information at a higher risk of being compromised. Additionally, using two-factor authentication, freezing your credit if your social security information is taken, and remaining attentive against cyber threats will assist to mitigate the damage of any prospective cyber assault.
Irem Naz Baysan