T-Mobile has warned of a second data breach in 2023, with attackers gaining access to the personal information of hundreds of customers and retaining access for more than a month (from the end of February 2023). This incident affected 836 customers, although the volume of information disclosed was large and put users at risk of identity theft and phishing attacks.
In notifications sent to victims, the company stated that from February to March 2023, attackers “gained access to limited information for a small number of T-Mobile accounts.” This included full name, contact information, account number and associated phone numbers, T-Mobile account PIN, social security number, identification document details, date of birth, amount payable, internal codes used to service accounts (such as billing plan and feature codes), and information about the number of available lines.
T-Mobile has reset the PINs for all affected accounts and is offering two years of free credit monitoring and identity theft detection services. This is the ninth data breach by T-Mobile since 2018, with previous incidents including the theft of 3% of all subscribers’ data in 2018, a hack through a vulnerable router in 2021 that affected approximately 100 million customers, and the complete source code theft by the Lapsus$ hacker group in 2022.
