T-Mobile said Monday it experienced a hack that exposed account PINs and other customer data in the company’s second network breach this year and its ninth since 2018.
The break-in, which began Feb. 24 and lasted until March 30, affected 836 customers, according to a report on Maine Attorney General Aaron Frey’s website.
“The information obtained for each customer varied, but may have included full name, contact details, account number and associated phone numbers, T-Mobile account PIN, social security number, government ID, date of birth, balance due, internal codes that T-Mobile uses to service customer accounts (for example, rate plan and feature codes) and the number of lines,” the company wrote in a letter to affected customers. Account PINs, which customers use to exchange SIM cards and authorize other important changes to their accounts, were reset after T-Mobile discovered the breach on March 27.
The incident is the second hack to affect T-Mobile this year. It is the ninth since 2018, according to TechCrunch reports. In January, T-Mobile said that “bad actors” misused application programming in a way that allowed them to access the data of 37 million customers. The hack started on November 25, 2022 and was not discovered by T-Mobile until January 5, according to TechCrunch. Data obtained in that incident included names, billing addresses, email addresses, phone numbers, dates of birth, T-Mobile account numbers, and information such as number of lines on accounts and subscription features.
From 2018 through 2022, T-Mobile has disclosed seven more hacks. In the most recent of these, reported in April 2022, a hacker gang called Lapsus$ gained access to the company’s internal tools and from there performed so-called SIM swaps, a type of hack that allows unauthorized people to transfer someone’s phone number to the phone. of the threat actor.
Other data breaches include one in 2021 that exposed data from 49 million customers.
