T-Mobile breached in apparent Lapsus$ attack

Lapsus$'s alleged theft of T-Mobile source code is in line with its previous activity; the cybercrime group previously stole code from Microsoft and Samsung.

T-Mobile confirmed a recent data breach after reports tied cybercrime gang Lapsus$ to the theft of the telecom company's source code.

In a statement shared with SearchSecurity on Monday, T-Mobile said that "several weeks ago" its monitoring tools detected an unnamed threat actor who stole credentials and used them to "access internal systems that house operational tools software."

Though the company named no threat actor behind the attack, T-Mobile's attacker appears to have been Lapsus$, an emerging threat group that breached multiple enterprises in recent months, including Microsoft, Okta, Samsung and Nvidia.

Information tying the group to the attack came from cybersecurity reporter Brian Krebs, who broke news of the hack Friday. Krebs had reportedly found internal Telegram memos from key members of Lapsus$, who discussed breaching T-Mobile and stealing source code in March. This was, according to Krebs, shortly before London police arrested seven teenagers connected to the gang.

T-Mobile released the statement confirming the attack soon after Krebs' article was published. The company claimed no customer, government or "similarly sensitive" data was stolen.

"The systems accessed contained no customer or government information or other similarly sensitive information, and we have no evidence that the intruder was able to obtain anything of value," the statement read. "Our systems and processes worked as designed, the intrusion was rapidly shut down and closed off, and the compromised credentials used were rendered obsolete."

If Lapsus$ was responsible for the attack, T-Mobile's claim that customer data was not accessed would be in line with previous breaches attributed to the gang. For example, Lapsus$ previously accessed source code for Samsung and Microsoft during its breaches against the two enterprises.

T-Mobile is one of the largest mobile phone service providers in the world; its parent company, Deutsche Telekom AG, has a market cap of over $90 billion, and in 2020 T-Mobile merged with fellow mobile provider Sprint. T-Mobile is also no stranger to cybersecurity breaches. Last year, a hacker exposed the data of tens of millions of T-Mobile customers. The exposed data included personally identifiable information such as first and last names, birthdates, Social Security information and government ID numbers.

Alexander Culafi is a writer, journalist and podcaster based in Boston.
