Personal data of 37 million T-Mobile customers hacked in a new cyber attack

A hacker accessed the personal data of over 37 million customers of telecom company T-Mobile. In the financial filing on January 19, the company said that the hacker was stealing data like name, email, phone number, date of birth, billing address, T-Mobile account number, and other information since November 25.

As per T-Mobile, there is no evidence that the systems and network had been compromised, but the hacker abused an application programming interface (API). The company said that the hacker was not able to access more sensitive information like social security numbers, payment card information, government identification numbers, etc. The hack was first detected on January 5; T-Mobile said that the problem was fixed in a day.

In April 2022, T-Mobile’s source code was stolen by the Lapsus$ hacking group. The company had then claimed that the group stole credentials and gained access to the internal systems, although no sensitive customer or government data was stolen. Before that, in August 2021, at least 47 million T-Mobile customer account data was stolen in a massive data breach. Since 2018, the company’s systems have been breached eight times. 

A recent report by analyst company Canalys, predicted that cybersecurity would be a high priority for organisations in 2023 amidst heightened levels. The report further said that global cybersecurity spending is expected to increase by 13.2% and total spending going up to $223.8 billion. In particular, governments and bigger enterprises will increase their cybersecurity spending, as compared to small businesses’ investments in the domain.