>
T-Mobile has warned millions of customers that an attacker has used an Application Programming Interface (API) to gain access to some of their sensitive data.
In a warning posted on the company’s website, T-Mobile attempted to downplay the importance of the incident, saying that some “basic customer information (almost all of which is commonly available in marketing databases or directories)” had been obtained.
However, the data includes people’s names, billing addresses, email addresses, phone numbers, dates of birth, and account numbers, all of which are valuable information for identity theft (opens in new tab) attacks, phishing and similar social engineering attacks.
Millions of victims
Passwords, payment card information, social security numbers, government ID numbers and financial account information remained secure, the company confirmed. It also said the investigation found no evidence of a breach of its networks or systems.
While the alert doesn’t say how many people were affected by the breach or what account types were affected, a total of 37 million customers have had access to their data, including both prepaid and postpaid customers.
The attack took place between November 25, 2022 and January 5, 2023. It was on January 6 that T-Mobile finally cut off access from the threat actors.
The company reported the attack to both law enforcement and federal agencies in the United States, whose investigation is now underway, it said. T-Mobile also added that it was beginning to notify customers who may have had their data compromised.
The German telecommunications giant’s track record on data breaches is far from ideal. The company has had multiple incidents over the years, including one in 2018, one in 2019, and at least three in 2020. In 2021, it emerged that the company paid hundreds of thousands of dollars to prevent its sensitive data from leaking to the web, which yet happened, and a year later, in 2022, confirmed that he was targeted by the extortion gang Lapsus$.
Through: Beeping computer (opens in new tab)