Slash Boxes

SoylentNews is people

posted by janrinok on Monday January 23, @01:41PM   Printer-friendly
from the see-what-breach-is-next dept.

New T-Mobile Breach Affects 37 Million Accounts:

T-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as many years. In a filing with federal regulators, T-Mobile said an investigation determined that someone abused its systems to harvest subscriber data tied to approximately 37 million current customer accounts.

In a filing today with the U.S. Securities and Exchange Commission, T-Mobile said a "bad actor" abused an application programming interface (API) to hoover up data on roughly 37 million current postpaid and prepaid customer accounts. The data stolen included customer name, billing address, email, phone number, date of birth, T-Mobile account number, as well as information on the number of customer lines and plan features.

APIs are essentially instructions that allow applications to access data and interact with web databases. But left improperly secured, these APIs can be leveraged by malicious actors to mass-harvest information stored in those databases. In October, mobile provider Optus disclosed that hackers abused a poorly secured API to steal data on 10 million customers in Australia.

T-Mobile said it first learned of the incident on Jan. 5, 2023, and that an investigation determined the bad actor started abusing the API beginning around Nov. 25, 2022. The company says it is in the process of notifying affected customers, and that no customer payment card data, passwords, Social Security numbers, driver's license or other government ID numbers were exposed.

In August 2021, T-Mobile acknowledged that hackers made off with the names, dates of birth, Social Security numbers and driver's license/ID information on more than 40 million current, former or prospective customers who applied for credit with the company. That breach came to light after a hacker began selling the records on a cybercrime forum.

Last year, T-Mobile agreed to pay $500 million to settle all class action lawsuits stemming from the 2021 breach. The company pledged to spend $150 million of that money toward beefing up its own cybersecurity.

In its filing with the SEC, T-Mobile suggested it was going to take years to fully realize the benefits of those cybersecurity improvements, even as it claimed that protecting customer data remains a top priority.

Original Submission

This discussion was created by janrinok (52) for logged-in users only. Log in and try again!
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2, Informative) by Runaway1956 on Monday January 23, @03:45PM (2 children)

    by Runaway1956 (2926) Subscriber Badge on Monday January 23, @03:45PM (#1288191) Homepage Journal

    We need more efficient breaches! /sarcasm

    Don’t confuse the news with the truth.
    Starting Score:    1  point
    Moderation   +1  
       Informative=1, Total=1
    Extra 'Informative' Modifier   0  

    Total Score:   2  
  • (Score: 2) by DannyB on Monday January 23, @04:08PM

    by DannyB (5839) Subscriber Badge on Monday January 23, @04:08PM (#1288196) Journal

    I find it more efficient to use <no-sarcasm> tags as necessary.

    Scissors come in consumer packaging that cannot be opened without scissors.
  • (Score: 0) by Anonymous Coward on Monday January 23, @06:50PM

    by Anonymous Coward on Monday January 23, @06:50PM (#1288229)

    Only 10% is publicized. The real number is 100%.. but don't tell anybody