YOU ARE AT:CarriersT-Mobile: API was used to access customer account information

T-Mobile: API was used to access customer account information

T-Mobile US has suffered another data breach, with the company disclosing that a single Application Programming Interface (API) was used to “obtain limited types of information” on some of its customers.

T-Mo said it was in the process of informing those customers, and that the information involved was “basic customer information” such as names, addresses, dates of birth, and customer contact information, plus service plan features and number of lines on the account.

“As soon as our teams identified the issue, we shut it down within 24 hours,” the carrier said in a statement. “Our systems and policies prevented the most sensitive types of customer information from being accessed, and as a result, customer accounts and finances should not be put at risk directly by this event. There is also no evidence that the bad actor breached or compromised T-Mobile’s network or systems.”

The company went on to say that the data breach did not include passwords, payment card information or other financial account information, Social Security numbers or government ID numbers.

“While no information was obtained for impacted customers that would compromise the safety of customer accounts or finances, we want to be transparent with our customers and ensure they are aware. … While we, like any other company, are unfortunately not immune to this type of criminal activity, we plan to continue to make substantial, multi-year investments in strengthening our cybersecurity program,” the carrier said.

T-Mobile US has disclosed more than half a dozen data breaches since 2018, with the largest one coming in 2021 after affecting more than 75 million current, former and potential T-Mobile US customers. In July of this year, T-Mobile US agreed to a $350 million settlement in a class action lawsuit over that data breach, in addition to committing to spending $150 million to bolster its cybersecurity. T-Mobile US CEO Mike Sievert had indicated in the immediate wake of the 2021 breach that T-Mobile US was expanded its relationship with security company Mandiant and had begun working with KPMG to bolster its security strategy.

ABOUT AUTHOR

Kelly Hill
Kelly Hill
Kelly reports on network test and measurement, as well as the use of big data and analytics. She first covered the wireless industry for RCR Wireless News in 2005, focusing on carriers and mobile virtual network operators, then took a few years’ hiatus and returned to RCR Wireless News to write about heterogeneous networks and network infrastructure. Kelly is an Ohio native with a masters degree in journalism from the University of California, Berkeley, where she focused on science writing and multimedia. She has written for the San Francisco Chronicle, The Oregonian and The Canton Repository. Follow her on Twitter: @khillrcr