T-Mobile has suffered its second data breach in under six months, marking the seventh incident within the past five years for the telecommunication giant. This recent breach, though smaller compared to the 37 million subscribers affected in January, still compromised the personal information of 836 customers.
T-Mobile’s security measures in question
In a form letter shared by Infosecurity, T-Mobile stated that it detected unauthorized activity on its network in March, with illicit access beginning in late February. The company claimed that no financial information or call logs were obtained; however, account PINs and a significant amount of personally identifiable information (PII) were exfiltrated.
The stolen information varied for each customer, potentially including full names, contact information, account numbers, associated phone numbers, T-Mobile account PINs, social security numbers, government IDs, dates of birth, balance due, internal codes used for servicing customer accounts, and the number of lines.
T-Mobile mailed letters to affected customers on April 28. Those who did not receive a letter are likely not impacted by the breach. The company also reset account PINs for the affected customers, which may have caused some account issues.
A history of data breaches
T-Mobile has had tens of millions of customer records compromised over the years. Its first reported breach occurred in 2018, when two million records and hashed passwords were accessed. A year later, more than a million customers had their data exposed. Breaches in March and December 2020, followed by 48 million customer records posted on the dark web in 2021, further added to T-Mobile’s security woes.
Capita’s unsecured AWS S3 bucket
In other security news, London-based digital services firm Capita is facing allegations from a security researcher that it left an AWS S3 bucket unsecured for seven years. The password-free bucket reportedly contained 3,000 files totaling 655GB, including software files, server images, spreadsheets, PowerPoint presentations, and text documents. One of the documents allegedly contained login details for one of Capita’s systems. Filenames found in the bucket suggest it is still in use. The researcher notified Capita in late April, and the bucket was secured shortly afterward. Capita claimed that nothing in the bucket was sensitive.
Ransomware attack on university text alert system
Students at Virginia’s Bluefield University faced a ransomware attack during finals week, with hackers also gaining access to the college’s RamAlert system. The attackers claimed to have 1.2TB of data and are ready to use it. Bluefield University has warned faculty not to use their university email and delayed finals by a day as they address the situation.
{{user}} {{datetime}}
{{text}}