T-Mobile disclosed the second data breach of 2023 after discovering that attackers had access to the personal information of hundreds of customers for more than a month, starting late February 2023.
Compared to previous data breaches reported by T-Mobile, the latest of which impacted 37 million people, this incident affected only 836 customers. Still, the amount of exposed information is highly extensive and exposes affected individuals to identity theft and phishing attacks.
This is the second such incident T-Mobile has revealed since the start of the year, with the previous data breach disclosed on January 19, after attackers stole the personal information of 37 million customers by abusing a vulnerable Application Programming Interface (API) in November 2022.
The mobile carrier spotted the threat actors' malicious activity on January 5 and cut off their access to its systems within 24 hours.
T-Mobile described the data stolen in the January breach as "basic customer information," including "name, billing address, email, phone number, date of birth, T-Mobile account number and information such as the number of lines on the account and plan features."
Since 2018, the mobile carrier has disclosed seven other data breaches, including one that exposed the information of roughly 3% of all T-Mobile customers.