No matter how careful you are with your online accounts, there isn’t much you can do to protect yourself. We leave the rest to the companies that keep these accounts, and they’re anything but perfect. For example, in August, T-Mobile suffered a massive data breach that affected nearly 50 million customers. The FCC even launched an investigation. The bad news is that the operator is still vulnerable, as T-Mobile has reportedly discovered a new hack.
T-Mobile hack revealed by internal documents
Earlier this week, The T-Mo report got internal documents regarding a recent T-Mobile hack. The documents say T-Mobile sent “a small number” of customers a letter warning them of unauthorized activity on their accounts. The carrier has separated customers into three categories:
- Hackers were able to view the account information of some customers. T-Mobile refers to the information as Customer’s Proprietary Network Information, or CPNI. It includes billing account name, phone number, number of lines on the account, T-Mobile account number, rate plan name, and recurring monthly charges.
- The second category includes customers whose SIM cards have been exchanged by a malicious actor. If a hacker is able to change the SIM card associated with a T-Mobile customer number, they can take control of the customer number. This is of particular concern as the hacker can then gain access to other accounts using two-factor authentication codes sent to the number.
- The third and final category includes customers who fall into the other two categories.
Unlike the data breach in August, T-Mobile has not released any public statements about the hack. The carrier has sent letters to each affected customer. But the fact that we haven’t heard from these customers suggests that this hack is much less common.
T-Mobile’s data breach in August 2021
If a significant number of customers were affected, T-Mobile would likely have informed the public already. Meanwhile, the carrier has not updated his blog for more than a week.
The last time the carrier reported a hack, T-Mobile CEO Mike Sievert wrote a lengthy article on the subject. Here’s the executive’s explanation for what happened:
August 17e we have confirmed that T-Mobile’s systems are under a criminal cyber attack that has compromised the data of millions of our customers, former customers and potential customers. Fortunately, the breach did not reveal any customer financial information, credit card information, debit or payment information, but like so many other breaches before, some information about SSN, name, address, date of birth and driver’s license / ID have been compromised. To say that we are disappointed and frustrated that this has happened is an understatement. Ensuring the security of our customers’ data is a responsibility we take very seriously and preventing this type of event from happening has always been a top priority for us. Unfortunately, this time we were unsuccessful.
We will be on the lookout for official information from T-Mobile regarding the latest hack. In the meantime, if you’re a T-Mobile subscriber, keep an eye on carrier messages.
