US mobile carrier giant T-Mobile suffered another breach just four months into 2023, where the threat actors could use identity theft and spear phishing against the victims. Join us as we share the T-Mobile data breach, how it happened, what data was accessed, and how to get phishing protection.

 Data breaches are a significant threat that leaves organizations and their customers dealing with much harm. Threat actors constantly evolve their tactics and circle networks looking to exfiltrate information. The latest case is of the mobile carrier giant T-Mobile, which has suffered the second breach of the year, affecting over 800 individuals. Here is the T-Mobile data breach at a glance. 


T-Mobile Data Breach at a Glance

One of the most significant mobile carriers in the United States, T-Mobile, was the victim of a data breach in late February. The second data breach that T-Mobile faced this year, the incident impacted 836 customers and resulted in the exposure of a ton of PII (Personally Identifiable Information)

The breach affected a small number of T-Mobile customers compared to the previous one, which hit nearly 37 million. However, the information exposed in this data breach is highly extensive and can do a lot of harm to those affected.

Since the PII of the customers was leaked, threat actors could use such personal information for spear phishing, targeted scams, and identity theft, making this a significant data breach. This breach marks the eighth time since 2018 that T-Mobile has experienced a data breach.


What Customer Data Was Stolen?

The data breach at T-Mobile has affected 836 customers, and the threat actors have access to varied information for each affected customer. The information could include full names, contact information, mobile numbers associated with the accounts, account numbers, T-Mobile accounts PINs, government IDs, dates of birth, account balance due, internal codes that T-Mobile uses, and SSNs (Social Security Numbers).


Image sourced from

The threat actors did not access any calling history or financial account information during the breach, but it did lead to the theft of PII. 


What did T-Mobile Do to Address the Breach?

Since the information at risk is highly valuable to threat actors, T-Mobile took swift action to reset the account PINs of all affected customers. Furthermore, since the data breach has left said individuals exposed to spear phishing and identity theft, T-Mobile has offered all affected customers credit monitoring and identity theft detection services for 2 years free of cost through Transunion myTrueIdentity.

It is recommended that affected customers use this free monitoring to protect themselves and check if their information is maliciously being used online. 


T-Mobile’s First Data Breach of 2023

Back in January, T-Mobile disclosed its first breach of the year, where the threat actors made away with the personal information of 37 million T-Mobile current postpaid and prepaid customer accounts. The threat actors stole the data using an impacted T-Mobile API (Application Programming Interface) and exploited it from 25 November 2022 to 5 January 2023, when the mobile carrier cut off their access. 

T-Mobile revealed that during the data breach, the threat actors did not gain access to the driver’s licenses, government IDs, SSNs, tax IDs, passwords, PINs, or PCI (Payment Card Information).

T-Mobile said, “Rather, the impacted API is only able to provide a limited set of customer account data, including name, billing address, email, phone number, date of birth, T-Mobile account number, and information such as the number of lines on the account and plan features.”

T-Mobile reported the incident promptly, worked with law enforcement agencies to investigate the breach, and notified all impacted customers.


T-Mobile’s Data Breach History

Here are all the other data breaches that T-Mobile has faced over the years: 

  • Back in 2019, T-Mobile exposed the account information of its prepaid customers. 
  • In March 2020, the personal and financial information of T-Mobile employees was compromised during a data breach.
  • Threat actors accessed customer proprietary network information, including call records and phone numbers, in December 2020.
  • Unknown attackers accessed an internal T-Mobile application without authorization in February 2021.
  • Hackers were able to infiltrate T-Mobile’s network using brute-force tactics in August 2021 following a breach of a T-Mobile testing environment.
  • Using stolen credentials, the Lapsus$ extortion gang breached T-Mobile’s network in April 2022.



Final Words

Data breaches are always a huge issue for an organization inviting legal issues and resulting in loss of customer trust. The latest T-Mobile data breach is no exception and will affect T-Mobile in the long term. Even if the number of affected customers is small, the data that the threat actors were able to access is far more significant and can cause a lot of harm.

What will happen to the customers in the long term is a question that only time will answer. Meanwhile, customers should enjoy the full benefits of the free Transunion myTrueIdentity credit monitoring and identity theft detection and stay vigilant.