Mobile Provider Confirms IDs, SSNs, Names Stolen in Data Breach
Note: We may earn a commission from products or services when you click on a link and make a purchase.
T-Mobile released another statement about the massive data breach that compromised sensitive customer information. The statement issued by T-Mobile CEO Mike Sievert, confirms that the company became aware of the attack on August 17, 2021.
T-Mobile US Inc (TMUS.O) is the largest 5G carrier in the United States.
Data belonging to millions of T-Mobile customers, former customers, and prospective customers was exfiltrated during the attack. Stolen data includes social security number, customer name, address, date of birth, and driver’s license or other ID.
“The last two weeks have been humbling for all of us at T-Mobile as we have worked tirelessly to navigate a malicious cyberattack on our systems,” said CEO Sievert in a statement on the company’s website.
Sievert maintains that no financial data – payment card numbers or banking credentials – were stolen in the attack.
T-Mobile Data Breach No. 5
“Keeping our customers’ data safe is a responsibility we take incredibly seriously and preventing this type of event from happening has always been a top priority of ours. Unfortunately, this time we were not successful.” Says the CEO.
Well, T-Mobile was not successful at stopping the hacker this time or the previous four times they were hacked since 2018.
In 2018, hackers heisted the personal data of more than two million T-Mobile prepay and post-pay customers. In 2019, T-Mobile prepaid customer data was exfiltrated in another successful attack.
In 2020 attackers compromised T-Mobile employee email accounts and stole customer financial data. The next year, in January 2021 T-Mobile was hacked yet again. This time the company was rather vague about what information was stolen.
That’s probably why the statement also says that T-Mobile will be using consulting firm KPMG and forensic investigation service provider Mandiant to help T-Mobile company move forward securely.
Sievert says that T-Mobile is still working with law enforcement agencies that are conducting a criminal investigation. Therefore, they are unable to provide more details about the cyberattack. However, the corporate statement said that the hacker used a brute force attack to gain access to T-Mobile systems and customer data.
A brute force attack is one in which cybercriminals use automation to guess at combinations of usernames and passwords to break into an account. The automation involves the use of a computer and a of email, username, and password combinations to keep trying combinations over and over again until something works. It’s basic but effective.
According to the statement, almost every impacted T-Mobile customer has been notified about the data breach. Affected customers are entitled to two years have identity protection services.
All customers are advised to reset their passwords and PINs for all online accounts – not just T-Mobile. It’s common for people to reuse the same password repeatedly across multiple online accounts. If your name and email address and password are stolen in one data breach they can be used to hack into other more valuable online accounts like credit cards and bank accounts.
If you cannot remember a unique and hard-to-guess password for each online account, then use a password manager app to create and store them for you.