Bellevue Based T-Mobile Has Data Breached Again
In a filing with the U.S. Securities and Exchange Commission (SEC), T-Mobile revealed that approximately 37 million customers had their data exposed in a breach. T-Mobile used the term "bad actor" was able to obtain data through "a single Application
Programming Interface" or API.
What Data was Exposed?
T-Mobile stated that their systems and their network was not breached and that they have been able to contain the "malicious activity". In the SEC filing, the Bellevue based company revealed that the API that was affected held a limited amount of data.
That data encompassed name, billing address, email, phone number, date of birth, T-Mobile account number as well as the number of lines and plan features
on customer's accounts. To this point Social Security numbers, Tax ID numbers, Drivers License information, PINs, financial information, and passwords appear to be safe.
When did this happen?
T-Mobile reported to the SEC that they believe the hacker breached the API somewhere around November 25th. The company is still investigating the breach and collecting associated information, but they have begun notifying customers that have been impacted.
This Isn't the First Time T-Mobile Has Been Hacked
In fact, it's the 8th time since 2018. In 2021 roughly 80 million people were impacted by a breach that saw Social Security Numbers and Driver's License information fall into the wrong hands. That breach cost the company around $350 million as a result of a class action lawsuit. In 2022 they were breached again by a hacking group but no sensitive information was gained. T-Mobile announced after the 2021 breach that they would invest approximately $150 million to improve security measures.