USA’s third-biggest cellular service provider reported a security incident that took place in December 2020. This was the company’s second data breach during the pandemic-ridden year.
T-Mobile appears to not be off to a good start in 2021 as the telecommunications company became a victim of hackers, and the news got picked up in the first days of the new year. It took some time for media outlets to dig out the deeply buried, undated security incident statement by the company’s Chief Marketing Officer, Matt Staneff.
According to the “notice of security incident” published on T-Mobile’s US website, the wireless network operator suffered malicious and unauthorized access to their systems. The notice confirmed that bad actors have accessed parts of the company’s customer proprietary network information (CPNI). The hackers managed to get unauthorized access to phone numbers, the number of lines associated with an account, and call-related information.
T-Mobile said that they stopped the attack as soon as they became aware of it. The telecom giant confirmed that hackers did not access more sensitive information such as names, physical addresses, SSN, credit card information, or other financial data. They also stated Tax IDs, passwords, and PINs were not accessed either.
The data breach occurred in early December. Even though the investigation has been going for weeks and the security loopholes have been patched, the wireless carrier has not yet confirmed who might be behind the attack. No hacker group, nor foreign-state, have publicly claimed responsibility yet either. T-Mobile also did not specify why it took them so much time to disclose information about the data breach to its customer base during the busy shopping winter season.
In a statement to FOX Business, a T-Mobile spokesperson said that they believe the details of approximately 0.2% of T-Mobile’s client base have been affected by the data breach, which equals to roughly 200 000 affected users. The number is significantly lower than T-Mobile’s other breaches over the last three years that affected millions of their customers.
Experts believe the stolen information could be used by criminals who want to execute socially engineered mobile phishing attacks. However, there are no conclusive reports that cybercriminals are actively using the stolen data at this time.
The wireless carrier was under fire for days as this is not the first time T-Mobile systems are being compromised. The attack covered by many outlets in the early days of 2021 is the company’s fourth data breach since 2018. The company again vowed to enhance its security further and prevent such data breaches from happening again.