The US mobile operator T-Mobile has suffered its seventh data breach in five years. Although in January 2021, the company experienced a leak that affected 37 million subscribers, this latest breach only impacted 836 individuals. T-Mobile discovered unauthorized access to its network in March – the breach began at the end of February. The attackers were unable to obtain financial information or call history, but they did manage to steal PIN codes and other confidential subscriber information.
Each subscriber’s data was different, but the information compromised may have included their full name, contact details, account number and associated phone numbers, social insurance numbers, government certificates of identity, date of birth, account balances, and internal codes for T-Mobile customer accounts. T-Mobile acted immediately, notifying all affected subscribers via letters dated April 28th, and automatically resetting their PIN codes.
Unfortunately, T-Mobile has repeatedly been targeted in data breaches. In 2018, two million records (including hashed passwords) were breached, with over a million customers losing their details a year later. The company then experienced two more data breaches in March and December 2020, with 48 million customer records published on the Darknet in 2021. We reported the sixth case earlier this year.
T-Mobile’s cybersecurity track record raises questions about the company’s approach to information security. It appears that the current methods are not effective in preventing attackers from gaining unauthorized access. The company’s reputation may suffer further if additional breaches occur. Perhaps now is the time for T-Mobile to reevaluate its security strategies to prevent further data breaches.