T-Mobile has suffered another cyber attack after it was rocked by a massive data breach in August. This time, attackers had access to “a small number” of customer accounts, according to documents posted by The T-Mo Report.
According to the report, customers were either victims of a SIM-swapping attack (allowing someone to bypass SMS-powered two-factor authentication), personal subscription details were made public, or both. The document shows that the customer’s proprietary network information that was viewed could include the customer’s name, phone number, and account number, as well as information about their subscription, including the number of lines associated with their account.
This summer, the carrier confirmed that a data breach exposed nearly 50 million customer records, with the attacker having access to social security numbers, names and dates of birth. (One person who claimed to be the hacker called the company’s security practices “terrible”.) The information reportedly revealed during the December breach is less sensitive (and the documents say the customers who switched their SIM cards) , have regained access), and is probably not that big in size. We couldn’t find any widespread reports of customers saying they had received notification letters.
T-Mobile is immediately taking steps to help protect all individuals potentially at risk from this cyber attack. If you have any questions, DM us and we can discuss steps to increase your account security. ^KenStone
— T-Mobile Help (@TMobileHelp) 28 Dec 2021
T-Mobile’s support account has: apparently confirmed that there was an infringement, respond to people on Twitter say that it is taking “immediate action” to help individuals endangered by the attack. The company did not immediately respond to: The edge‘s request for comment.