T-Mobile suffers second data theft in less than six months

In brief We’d say you’ll never guess which telco admitted to a security breakdown last week, but you totally will: T-Mobile US, and for the second time this year.

“The information obtained for each customer varied, but may have included full name, contact information, account number and associated phone numbers, T-Mobile account PIN, social security number, government ID, date of birth, balance due, internal codes that T-Mobile uses to service customer accounts, and the number of lines,” the “Un-carrier” explained in its letter.

T-Mobile has had tens of millions of customer records compromised over the years.

Its first reported breach was in 2018 when two million records were accessed along with hashed passwords, and a year later more than a million customers had their data exposed.

In this case, an attacker with control over Thread Context Map input data in environments with non-default logging configurations is able to craft malicious input data that can leak information and enable remote code execution.

“We have admissions data from thousands of students,” the attackers declared, claiming they had 1.2TB of data and that they’re ready to use it.

Share this article on social media:

Subscribe to Our Newsletter!
Stay on top of cybersecurity risks, evolving threats and industry news.
This field is for validation purposes and should be left unchanged.

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

Tell us About your Needs
Get an Answer the Same Business Day

Got an urgent request? Call us at 1-877-805-7475 or Book a meeting.

What happens next:

  • We reach out to learn about your objectives
  • We work together to define your project’s scope
  • You get an all-inclusive, no engagement proposal
This field is for validation purposes and should be left unchanged.


Enter your Email Address

This field is for validation purposes and should be left unchanged.

* No free email provider (e.g: gmail.com, hotmail.com, etc.)



Everything You Need to Know

Gain confidence in your future cybersecurity assessments by learning to effectively plan, scope and execute projects.
This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.