T-Mobile has already diclosed a second data breach in 2023

Just five months into the year, T-Mobile disclosed its second data breach, but thankfully only affected a small number of customers.

The carrier announced its first breach for 2023 in January but was able to shut down the attack within 24 hours. In the second one, however, hackers had access to hundreds of customers' personal information for over a month, according to Bleeping Computer.

The breach started in late February 2023 and, fortunately, only affects 868 customers. T-Mobile stated that although the attackers did not obtain call records or personal financial account information, the exposed personally identifiable information is sufficient for identity theft.

Exposed information could include full names, contact information, account numbers and associated phone numbers, account PINs, social security numbers, government IDs, date of birth, balance due, internal codes that T-Mobile uses to service customer accounts, and the number of lines on an account.

T-Mobile has reset the account PINs for affected customers and is now providing them with two years of free credit monitoring and identity theft detection services via Transunion's myTrueIdentity service.

"In March 2023, the measures we have in place to alert us to unauthorized activity worked as designed, and we were able to determine that a bad actor gained access to limited information from a small number of T-Mobile accounts between late February and March 2023," the company said in data breach notification letters sent to affected customers.

Seven other data breaches have been reported by the mobile carrier since 2018.

5 Comments

retrogusto 16 Years · 1140 comments

About 1 year ago

If a company gets hacked and sensitive customer information is compromised, the company should lose the right to ask for sensitive information for, say, ten years. I guess this would probably just cause the companies to try to hide any evidence of hacking, but there should be even more severe consequences for that. They obviously need more of an incentive to protect their customers’ data.

netrox 12 Years · 1510 comments

It's possible to ask for sensitive information to verify but they should never store any of those sensitive information. That's why I am questioning why T-Mobile is holding those sensitive information.

M68000 7 Years · 887 comments

retrogusto said:

If a company gets hacked and sensitive customer information is compromised, the company should lose the right to ask for sensitive information for, say, ten years. I guess this would probably just cause the companies to try to hide any evidence of hacking, but there should be even more severe consequences for that. They obviously need more of an incentive to protect their customers’ data.

Appreciate the idea but no software appears to be free of security risks. Nothing would get done if “10 year” penalties are involved. He’s measure is to take precautions and limit yourself to giving out personal data and do your own backups as needed despite all the claims about how great cloud storage is.

jme2376 1 Year · 1 comment

My account got hacked for 650.00$ if I could close my account I would but locked in on contract T-Mobile needs step up and on top of it being hacked I was also being charge for 2 tablets never had.

kmarei 16 Years · 209 comments

American companies get hacked all the time, and all we get is a "my bad"
no response from government
meanwhile government is losing its mind because tiktok monitors my viewing habbits, and knows i like big hooters and cars...

Share Your Thoughts on our Forums ->