UPDATE: Shortly after T-Mobile formally confessed to yet another security mishap, The Wall Street Journal issued a new report providing additional context and a few details the wireless service provider initially left out.
The most worrying revelation is by far the total number of customers reportedly affected by the breach, closely followed by the period of time during which hackers went unnoticed while accessing and stealing people’s data.
While the “problem” was discovered on January 5 and fixed “within 24 hours” of said discovery, the breach originally dates back to November 25 (yes, 2022), which is why it’s not exactly shocking to hear that “about” 37 million of T-Mo’s 110 million+ customers were victimized during this extended timeframe.
Naturally, the Federal Communications Commission is now on the case, opening an investigation into what’s (rightfully) being described as “the latest in a string of data breaches at the company.” Our original story follows below.
##T-Mobile has sure had its fair share of data breaches in recent years, making headlines for all the wrong reasons a lot more frequently than Verizon and AT&T, but to its credit, the “Un-carrier” appears to be handling the latest such situation admirably and unusually well.For one thing, Magenta is coming clean to officially confirm and detail the nature and causes of this newly discovered security incident before customers can complain or hackers can brag to the press about the success of their nefarious enterprises.
It’s certainly nice to get clear information directly from your mobile network operator ahead of anyone else in these cases, and it’s especially nice when said information includes a lot of good news… considering.
While the number of “impacted customers” T-Mo is “currently in the process of informing” about this breach remains unknown, by far the best news delivered today is that “no passwords, payment card information, social security numbers, government ID numbers, or other financial account information” appears to have been compromised… this time around.
Those are easily the most sensitive types of data that hackers could get their hands on when something like this happens, so T-Mobile definitely deserves praise for managing to keep all of that protected.
On the not so bright side of things, “some basic customer information” was breached, and as hard as Magenta might try to minimize the importance of keeping stuff like names, billing addresses, emails, phone numbers, birthdates, account numbers, the number of lines on an account, and service plan features private, it’s totally not cool to know that someone gained access to all of that without your approval.
There’s obviously no need to change any passwords or take any special security measures if you’re notified of a breach on your account, at least if T-Mobile doesn’t discover anything new and radically different in the near future.
For the time being, the nation’s second-largest wireless service provider seems pretty confident that the “issue” was permanently “shut down” and all of the danger removed “within 24 hours” of initially identifying the breach, caused by a single API (Application Programming Interface) deployed by an unnamed “bad actor.”
T-Mobile’s network and “systems” themselves were at no point breached in this particular cyberattack, and the “Un-carrier” is even giving itself a nice and hearty pat on the back for preventing the “most sensitive types of customer information from being accessed”, presumably with the help of tools and “policies” developed and improved in the wake of previous incidents.