YOU ARE AT:CarriersThe FCC says it is investigating the T-Mobile US data breach

The FCC says it is investigating the T-Mobile US data breach

More than 40 million former, current and prospective T-Mobile US customers were impacted by a cyberattack

Following a cyberattack initially disclosed on Aug. 17 that resulted in customer data being accessed by an unauthorized party, T-Mobile US said today that it is “confident that we have closed off the access and egress points the bad actor used in the attack.”

According to T-Mo, compromised data includes:

  • First and last names, dates of birth, Social Security numbers, and driver’s license/ID info of 7.8 million current postpaid subscribers
  • IMEI and IMSI info
  • Names, addresses, dates of birth, phone numbers, IMEI and IMSI for 5.3 million postpaid subs
  • First and last names, dates of birth, Social Security numbers, and driver’s license/ID info from 40 million “former or prospective” customers
  • Names, phone numbers, addresses and dates of birth for 667,000 former customers

CEO Mike Sievert on Twitter said, “I want to assure you that our…team is doing their best to get answers to your questions about our recent cyberattack.” The company has set up a dedicated site detailing the data breach and suggesting protective actions customers can take.

A spokesperson for the U.S. Federal Communications Commission told Reuters, “Telecommunications companies have a duty to protect their customers’ information. The FCC is aware of reports of a data breach affecting T-Mobile customers and we are investigating.”

Moody’s Investors Service circulated a report regarding the data breach incident summarizing the impact to the operator as “credit negative because of the financial, reputational and legal costs associated with data breaches. The breach underscores T-Mobile’s struggles in recent years with safeguarding personal data, with the company disclosing a data breach at least once ever year since 2018.”

NordVPN Digital Privacy Expert Daniel Markuson warned that the compromised data could be used for phishing scams, which he characterized as “one of the biggest concerns from these types of breaches. Such scams are usually very effective as criminals use a piece of real information, for example, your name and taxpayer ID. Cybercriminals could send fake emails pretending to be your pharmacy, bank, hotel or even governmental institution.”

For it’s part, T-Mobile US is offering customers two years of free McAfee ID Theft Protection; suggesting that customers set up Scam Sheild; and reset PINs and passwords.

ABOUT AUTHOR

Sean Kinney, Editor in Chief
Sean Kinney, Editor in Chief
Sean focuses on multiple subject areas including 5G, Open RAN, hybrid cloud, edge computing, and Industry 4.0. He also hosts Arden Media's podcast Will 5G Change the World? Prior to his work at RCR, Sean studied journalism and literature at the University of Mississippi then spent six years based in Key West, Florida, working as a reporter for the Miami Herald Media Company. He currently lives in Fayetteville, Arkansas.