T-Mobile Suffers Another Data Breach, Affecting 37 Million Customer Accounts
In a concerning turn of events, T-Mobile has announced that personal data of about 37 million current customers was accessed in an intrusion that went undetected since late November. The mobile network operator traced the source of the malicious activity to an application programming interface and stopped it with the help of cybersecurity consultants.
The threat actor responsible for this latest incident is believed to be a criminal hacking group known as "Psycho Circus," the same group thought to be behind the November 2021 T-Mobile data breach involving approximately 37 million current customers.
T-Mobile is now notifying customers whose information may have been obtained by the threat actor. Fortunately, sensitive PII, including payment information, social security numbers, tax IDs, driver's licenses, and passwords, were not exposed, according to T-Mobile.
This is the eighth publicly acknowledged data breach at T-Mobile since 2018. The unauthorized access began on or around Nov. 25, as identified by T-Mobile in a filing with the Securities and Exchange Commission.
The investigation into this latest incident is ongoing, with federal law enforcement agencies assisting T-Mobile in its response. It's important to note that this is not the first time T-Mobile has faced such a challenge. In August 2021, there was a massive data breach at T-Mobile that exposed personal data of at least 76.6 million people.
In response to the August 2021 cyberattack, T-Mobile agreed to pay $500 million to settle a class-action lawsuit in July 2022. This settlement is in relation to the August 2021 cyberattack, which is widely regarded as the largest carrier breach on record.
As T-Mobile continues to address this latest data breach, customers are encouraged to remain vigilant and monitor their accounts for any suspicious activity. T-Mobile has stated that it may incur significant expenses in connection with this incident.
