In the latest instance of cybercrime, T-Mobile has announced that a “bad actor” gained access to information of 37 million of its customers. The hack was disclosed in a regulatory filing with the Securities and Exchange Commission on January 19th, and apparently the hacker had access to the information for almost six weeks before they were detected.
The attack is particularly embarrassing for T-Mobile as it was the second such attack in two years. In August 2021, T-Mobile disclosed a cyberattack that obtained data on 7.8 million current customers and 40 million former or potential customers who had applied for credit with T-Mobile.
As for the specifics of the customer data that was obtained, T-Mobile stated in the filing that it included “name, billing address, email, phone number, date of birth, T-Mobile account number and information such as the number of lines on the account.” But here’s the good news, the company stated that “Our systems and policies prevented the most sensitive types of customer information from being accessed, and as a result, based on our investigation to date, customer accounts and finances were not put at risk directly by this event.”
While it may be small consolation to the victims, it seems that less data was compromised in the latest attack compared to the 2021 incident. In that case, Social Security numbers, addresses, birthdates, and driver’s license information of at least some customers or candidates were compromised.
T-Mobile has stated that they are confident they have closed the access point that allowed the latest data to be stolen and have also informed certain federal agencies about the incident and are working with law enforcement. They have also begun notifying customers whose information may have been obtained by the bad actor in accordance with applicable state and federal requirements.
In this digital age, where data is the new oil, it’s imperative that companies take cybersecurity seriously and invest in protecting their customers’ information.
