In another unsettling twist of events for T-Mobile, the telecom giant finds itself entangled in its third data breach of the year, resulting in the theft of over 90GB of both employee and customer data. Remarkably, this marks the eighth major breach T-Mobile has faced since the year 2018.
Update: T-Mobile has contested the reports of a data breach, stating, “The data being discussed online is believed to be associated with an independently owned authorized retailer,” as reported by BleepingComputer.
The culprits responsible for this latest breach have brazenly posted the stolen databases on the notorious cybercriminal forum, BreachForum. Their claim asserts that the 90GB trove of personally identifiable information (PII) pertains to T-Mobile employees, encompassing login credentials, partial social security numbers (SSNs), email addresses, in addition to the company’s sales and analytics data, support call records with customers, and various other details.
According to the vigilant malware researchers at vx-underground, who initially flagged the breach on Twitter (X), this incident unfolded in April 2023.
The motives behind why the threat actors held onto the data for months before disclosing it remain shrouded in mystery.
Regrettably, data breaches have become an unfortunate pattern for T-Mobile. This recent breach closely follows T-Mobile’s second breach of 2023 last March, and it follows in the wake of the significant incident in January 2023, which exposed the personal data of approximately 37 million customers. It’s also worth noting reports earlier this week regarding customers witnessing the personal information of other users when accessing their own accounts.