T-Mobile reports another hack affecting hundreds of customers

The latest breach into T-Mobile's systems appears to have given hackers the personal information of hundreds of customers.

"We notified a small number of customers that our systems and processes worked to detect and stop a bad actor who was accessing accounts using compromised credentials," T-Mobile officials wrote in response to questions from Light Reading. "No personal financial account information or call records were included. We take these issues seriously and have taken steps to proactively protect the impacted customer accounts and to help prevent recurrence. We'll continue to investigate what occurred to expand the safeguards we have in place."

Figure 1: (Source: NicoElNino/Alamy Stock Photo)

Details on the new breach come from a report on Bleeping Computer and the website of Maine Attorney General Aaron Frey, as noted by Ars Technica. According to a T-Mobile document cited by Bleeping Computer, "a bad actor gained access to limited information from a small number of T-Mobile accounts between late February and March 2023." The hacker obtained information including names, account numbers and social security numbers. According to the Maine attorney general, the intrusion started on February 24 and lasted until March 30, affecting 836 customers.

As noted by The Verge, this is now the ninth data breach that T-Mobile has disclosed since 2018.

The most recent of those, which happened earlier this year, also involved a "bad actor" that was able to obtain information on millions of T-Mobile customers through an application programming interface (API) into the operator's systems.

To be clear, T-Mobile isn't the only 5G operator to suffer some kind of hack in recent weeks. Vendors serving AT&T and Verizon have also suffered intrusions, while Dish Network may still be recovering from a remarkable security incident that appeared to affect a wide range of corporate systems including customer care and billing.

In a recent report, the analysts at S&P Global Ratings speculated the issue could hit Dish on its bottom line. "It is unclear what the cost of remediation will be and whether there will be legal expenses associated with the attack, as Dish is facing numerous investor class-action lawsuits over the breach," the analysts wrote. "For context, T-Mobile agreed to pay $500 million in fines and technology investments following a customer data breach in 2021."

Finally, it's worth noting that wireless service providers aren't the only telecom players suffering such invasions. For example, TechCrunch reported that hackers recently published data stolen from network infrastructure vendor CommScope in an apparent ransomware effort.

Related posts:

— Mike Dano, Editorial Director, 5G & Mobile Strategies, Light Reading | @mikeddano