This podcast episode discusses the latest T-Mobile breach -- the third in less than three years -- in which a threat actor stole personal data from 37 million customer accounts.
T-Mobile disclosed yet another data breach last week, which affected the personal data from approximately 37 million customer accounts.
The mobile phone carrier said last Thursday that a "bad actor" used a single API to obtain personal data from customer accounts. According to its disclosure, T-Mobile found no evidence that the threat actor compromised its network or systems. However, the actor obtained a significant amount of customers' personal information.
"Some basic customer information (nearly all of which is the type widely available in marketing databases or directories) was obtained, including name, billing address, email, phone number, date of birth, account number, and information such as the number of lines on the account and service plan features," the disclosure read.
This latest hack marks at least the third breach for the telecom giant in the past three years. In early 2022, threat group Lapsus$ stole source code from the company. In mid-2021, a threat actor stole the account details of roughly 40 million T-Mobile customers.
In this episode of the Risk & Repeat podcast, TechTarget editors Rob Wright and Alex Culafi discuss the T-Mobile breach, as well as its ramifications for the company.
Subscribe to Risk & Repeat on Apple Podcasts.
Alexander Culafi is a writer, journalist and podcaster based in Boston.