T-Mobile has disclosed a security breach, its fourth data breach in the past three years.
The investigation found that hackers accessed customer details such as phone numbers, the number of lines subscribed to an account, and, in some cases, call-related information, which T-Mobile said it collected as part of the normal operation of its wireless service.
Cybersecurity experts weighed in on the breach and what yet another security slip-up means for T-Mobile.
Brandon Hoffman, Chief Information Security Officer at Netenrich, a San Jose, Calif.-based provider of IT, cloud, and cybersecurity operations and services:
“The volume of attacks and successful attacks against wireless carriers continues to rise. In this particular case, one has to wonder if it is related to the merging of two titans. Sprint had a series of issues last year and this is another in a list of successful attacks on T-Mobile. In our industry, when issues continue regardless of impact, we usually go back to the drawing board. It feels like there is an opportunity here to review the foundations of cyber relative to the merged entity and find out where quick wins can be had to shore up defenses. With the volume of successful attacks that we are seeing, either they are suffering from consistent advanced persistent threats or there is something easily exploited that is being overlooked.”
Hank Schless, Senior Manager, Security Solutions at Lookout, a San Francisco, Calif.-based provider of mobile security solutions:
“While it appears that the attackers weren’t able to collect any highly sensitive personal data of T-Mobile customers, there is still risk posed to those whose phone numbers were stolen in the breach.
An area code is all an attacker needs to carry out a socially engineered mobile phishing attack. Lookout discovered a mobile phishing campaign in February 2020 that associated area codes with popular banks in the area to try to phish mobile banking login credentials.
The attacker can pretend to be T-Mobile support over voice or text in order to get customers to share their login credentials. Since customers know there was a recent security incident, they may not think twice before engaging with an individual who claims they can help. If this were successful and the attacker made their way into the customer’s account, they could have access to sensitive information associated with the account.
Mobile phishing represents one of the biggest security blind spots for individuals and enterprise security teams alike. Since it can be incredibly difficult to identify phishing attempts on smartphones and tablets, it’s more important than ever to have mobile phishing protection on all of your mobile devices.”
Tim Wade, Technical Director, CTO Team at Vectra, a San Jose, Calif.-based provider of technology which applies AI to detect and hunt for cyber attackers:
“It's important that in industry we don't dog pile on every breach with accusations of failure. The correct lens to view this event through is the impact, not prevention – prevention will always fail eventually. Given that the reported impact of this breach appears to be significantly less impactful than prior breaches, this could be an indication that the investments that T-Mobile has made in cyber-resilience are paying dividends even if there may still be opportunities for further progress ahead.”