T-Mobile suffered its second significant security breach in just two years when an unidentified malicious actor broke into the network and stole the personal information of about 37 million of its customers.
The company reported the breach to the Security and Exchange Commission on January 5 and stated that the data stolen included customer addresses, phone numbers, and dates of birth.
T-Mobile Faces Another Security Breach
As of this point in its investigation, the intrusion did not reveal any passwords, Pins, bank account or credit card information, Social Security numbers, or other official identifications.
The company claimed that it had alerted law enforcement and government agencies and that the data had been accessed for the first time on or about November 25.
Following a second data breach involving Social Security numbers and driver’s license information in July, the company was ordered to pay $350 million to customers as a result of a class action lawsuit.
There is currently no evidence that the bad actor was able to penetrate or damage our systems or our network, the business said, adding that it had started alerting affected customers. Our investigation is still ongoing, but the malicious activity appears to be totally contained at this time.
According to an FCC official quoted in the Wall Street Journal on Thursday, the FCC has also launched an investigation into the company’s data breach event.
In after-hours trading, firm shares decreased by 2%.
After almost 80 million Americans were impacted by the August attack, T-Mobile previously announced it would invest $150 million through 2023 to strengthen its data security and other technologies.
T-Mobile said in its filing on Thursday that it had made substantial progress to date on the upgrades. It also admitted the most recent hack might result in substantial expenses.
Security Of Sensitive Information Is Major Concern
Prior to August 2021, the business acknowledged breaches in which customer information had been accessed in January 2021, November 2019, and August 2018.
After acquiring rival Sprint the same year, T-Mobile, based in Bellevue, Washington, rose to prominence as one of the nation’s top mobile providers in 2020. After the merger, it claimed to have more than 102 million clients.
With ransomware attacks against hospitals and other businesses that retain highly sensitive information on the rise in recent years, data breaches are a top issue for large companies in the US.
The Biden administration declared that defending the nation from cyberattacks was a high priority after the 2021 attack on T-Mobile.
In an open letter to the private sector on June 2, 2021, Anne Neuberger, the Deputy National Security Advisor for Cyber and Emerging Technology, stated that all organizations must know that no company is secure from being targeted by ransomware, regardless of size or location.
Ransomware assaults have disrupted institutions all across the world, including banks in the UK, pipelines in the US, and hospitals in Ireland, Germany, and France. The threats are significant and getting worse.
The 5,500-mile Colonial Pipeline was damaged by a ransomware assault in May 2021.
About 45 percent of the petroleum used on the East Coast is transported over the pipeline, which extends from Houston, Texas across the southeast of the US.
The pipeline paid the criminal hacking outfit Darkside a ransom of $4.4 million in Bitcoin.
In the end, the Department of Justice obtained $2.3 million, or 63.7 Bitcoin.
After the Conti ransomware group took control of the nation’s healthcare system and demanded $20 million, Irish hospitals were reduced to pen and paper later that month.
The group eventually granted the hospitals’ systems access without charge, but if they didn’t receive payment, they threatened to sell or disclose a lot of sensitive data.