T-Mobile customers at heightened risk of phishing attacks in wake of data breach

T-Mobile confirmed that while customer information was exposed, no financial data or company systems were compromised

Cyber security experts have warned that T-Mobile customers could face increased phishing attacks after a data breach exposed millions of customer records.  

The US telecoms provider revealed yesterday that it is investigating a security incident after discovering “unusual activity” on 5 January.  

A “preliminary” investigation by the company found that the threat actor(s) took advantage of an API vulnerability to obtain data on 37 million customers.

Data exposed in the breach included account holder names, email addresses, phone numbers, dates of birth, billing addresses, and account numbers.

However, the company insisted that no information was exposed that could “compromise the safety of customer accounts or finances”.  

“As soon as our teams identified the issue, we shut it down within 24 hours. Our systems and policies prevented the most sensitive types of customer information from being accessed, and as a result, customer accounts and finances should not be put at risk directly by this event,” T-Mobile said in its advisory.

“No passwords, payment card information, social security numbers, government ID numbers or other financial account information were compromised.” 

T-Mobile added that there is currently “no evidence” to suggest the threat actor(s) breached or compromised its network or systems. However, the firm warned that the culprit could have been stealing data as far back as 25 November.   

Dr Ilia Kolochenko, founder of ImmuniWeb, warned that although critical financial data was not stolen in this data breach, the incident could still create significant risks for customers.  

Access to customer names and email addresses could be harnessed by threat actors to conduct targeted phishing campaigns in the months to come.

“While the financial data of the customers is reportedly safe, the compromised billing details can be aptly exploited by cyber criminals for sophisticated spear phishing attacks aimed, amongst other things, to steal 2FA tokens from other systems,” he said. 

Alexander Heid, chief research and development officer at SecurityScorecard, echoed Kolochenko’s comments, but added that this latest breach pales in comparison to previous incidents.

“It was unauthorised access on a web application/API that leaked customer data that could be useful in phishing or spamming - and does not seem to be as serious as previous T-Mobile breaches from recent years that leaked SSN numbers.”

API vulnerabilities rising

API vulnerabilities have escalated significantly in recent years as businesses globally continue to embed applications within their service offerings.  

Research last year found that 95% of companies had encountered some form of API-related security incident between April 2021 and 2022. A similar study from Imperva revealed that API vulnerabilities cost businesses $75 billion (£60.6 billion) each year.  

Gartner’s API Security and Management report last year predicted that, across 2023, APIs will become the most frequent attack vector for threat actors globally.  

The consultancy also believes that more than half of data theft will come as a result of insecure or vulnerable APIs.  

Kolochenko warned that unprotected APIs are “rapidly becoming one of the primary sources of disastrous data breaches” and creating serious challenges for global businesses.  

“The situation is aggravated by shadow IT that now encompasses not only the forgotten, abandoned, or undocumented APIs and web services but also the full spectrum of accidentally exposed APIs from test and pre-production environments that may be hosted or managed by numerous third parties that have privileged access to sensitive corporate data,” he said. 

T-Mobile's string of breaches 

This incident marks the latest in a string of eight data breaches for T-Mobile in the last five years.

In 2021, a cyber attack on the telecoms provider compromised personal data belonging to around 50 million customers.  

Two years prior, hackers compromised internal company networks and stole the personal data of more than a million US customers. This cyber attack came just one year after an “international group” was found to have compromised systems and obtained customer data.  

At the time, T-Mobile said this affected 3% of its 77 million-strong customer base, amounting to around 2.3 million users.

A spokesperson for the US Federal Communications Commission (FCC) told the Wall Street Journal that the incident could prompt an official investigation.  

In its statement yesterday, T-Mobile said the company plans to invest heavily in its internal cyber security capabilities to prevent future incidents from occurring.  

“While we, like any other company, are unfortunately not immune to this type of criminal activity, we plan to continue to make substantial, multi-year investments in strengthening our cyber security programme.” 
