T-Mobile, one of the largest wireless network operators in the United States, has once again found itself grappling with a cybersecurity incident. This is the second such breach the company has been forced to contend with this year.
Announced on April 28, the new data breach follows a significant incident in January that impacted personal data of 37 million customers. This time, however, the number of affected individuals stands at 836, demonstrating a significant decrease in the scale of the breach.
In accordance with Maine's legislation, businesses that experience a digital data security breach must disclose the details of the incident to the Attorney General. Consequently, T-Mobile has dutifully reported the recent breach to the concerned authorities.
T-Mobile explained in a customer notification that their security measures proved effective in promptly detecting unauthorized intrusion. The company reported, "In March 2023, our systems designed to flag unauthorized activity worked as intended. We managed to confirm that an unauthorized entity accessed a limited amount of information from a small number of T-Mobile accounts between late February and March 2023."
The silver lining here is that no personal financial details or call records were affected by the breach. Nevertheless, the intruder managed to obtain a broad range of data. This potentially includes full names, contact details, account numbers, and associated phone numbers, T-Mobile account PINs, social security numbers, government IDs, dates of birth, balance due, and internal codes that T-Mobile uses for customer service purposes. These internal codes can reveal the rate plan and feature codes, as well as the number of lines associated with an account.
The incident is a sobering reminder of the ongoing cybersecurity threats faced by businesses, even those with established security measures in place.