T-Mobile, one of the largest telecommunications companies in the United States, informed the public yesterday that it suffered a massive data breach that affected 37 million customers.
According to a filing with the United States Securities and Exchange Commission (SEC), on 5 January, the company identified that customer data was accessed by an unauthorized party via an application programming interface (API).
The company was able to stop the breach immediately but it believes that the hackers had been accessing this data since 25 November 2022 meaning that they had plenty of time to exploit the personal information of T-Mobile’s customers.
Also read: Best 5G Stocks to Watch & Invest In
“Our investigation is still ongoing, but the malicious activity appears to be fully contained at this time, and there is currently no evidence that the bad actor was able to breach or compromise our systems or our network”, the firm commented in the filing.
T-Mobile clarified that the data these bad actors obtained did not include credit card information, social security numbers (SSNs), passwords, or government-issued ID numbers. However, they did get access to personal details from these customers such as their names, phone numbers, e-mails, billing addresses, and T-mobile account numbers.
The company acknowledged that it “may incur significant expenses in connection with this incident”.
This would be the seventh breach that T-Mobile systems have suffered since 2018 and the resulting damages could draw further scrutiny from authorities within the United States such as the Federal Trade Commission (FTC) and the Federal Communications Commission (FCC) as the pattern is dangerous for customers.
T-Mobile Was Forced to Pay $500M After Hackers Stole Data from Nearly 80M Customers
In July last year, T-Mobile was forced to pay $500 million after the data of 76 million current, prospective, and former customers was illegally accessed by an unauthorized party. The settlement did not include an admission of guilt. Of that total, $350 million will go to the victims and their lawyers while the remaining $150 million must be invested into strengthening the firm’s cybersecurity protocols.
Even though it was not clear at the time how much money every affected customer would get, the agreement stipulated a maximum compensation of $2,500 to be handed over to each individual customer.
Also read: Top Tech Stocks to Invest in January 2023
As part of the settlement, T-Mobile also offered its customers a free identity protection service for two years and recommended that everyone affected should change their passwords and personal identification number (PIN).
T-Mobile’s Systems Were Poorly Protected in 2021, Hacker Says
In 2021, T-Mobile was accused of covering up the severity of the breach, first claiming that bad actors did not access customers’ Social Security Numbers (SSNs) although they did in many cases.
The firm failed to implement basic cybersecurity protocols such as “rate limiting”, a practice that consists of blocking a large number of server requests coming from a single source. Users typically experience the effectiveness of this practice when they try to log into their accounts many times within a short period and get automatically blocked by the system for a while.
The company said yesterday that its program to invest millions in strengthening its cybersecurity protocols had commenced and that they had made “substantial progress to date”. No further details had been provided about the specific measures the company has taken in this particular subject since the 2021 incident.
In an interview with the Wall Street Journal, John Binns revealed that he was behind the 2021 hack. He bashed T-Mobile’s security and deemed it as “awful” as he was able to easily access the firm’s servers by targeting an unprotected router through which he obtained the credentials to penetrate over 100 servers containing customers’ information.
The hacker said that he panicked at the time after realizing how easy it was for someone to get this kind of access. Shares of T-Mobile are down nearly 2% in pre-market stock trading action this morning following the news.
Other Related Articles: