T-Mobile logo (image source: Marcus (Reuters) & New York Times, 2020)
One-sentence summary:
T-Mobile suffered another data breach in February 2023 that affected 836 customers and their sensitive data, including SSNs, DOBs, and T-Mobile PINs.
Who was involved?
T-Mobile, 836 consumers, and a threat actor.
What was the timeline?
Late February 2023: Breach starts
March 2023: T-Mobile detects data breach and quickly terminates it
April 28, 2023: T-Mobile begins consumer notification
What occurred?
After disclosing a data breach in January, T-Mobile underwent another breach in February 2023 that involved 836 customers and their data, including: “full name, contact information,
account number and associated phone numbers, T-Mobile account PIN, social security
number, government ID, date of birth, balance due, internal codes that T-Mobile uses to
service customer accounts (for example, rate plan and feature codes), and the number of
lines” (T-Mobile, 2023, p. 1).
Estimated costs:
Associated incident response costs, breach notification costs, 24 months of identity theft services at Transunion
Involved laws:
State: Maine: 10 M.R.S.A. § 1346
Massachusetts: 201 CMR 17.00 and M.G.L.A. 93H § 1
Root cause:
TBA or N/A (see disclaimer)
Lessons learned:
TBA or N/A (see disclaimer)
Sources:
Marcus (Reuters), S. & New York Times. (2020, April 1). 01tmobile-01-mediumSquareAt3X.jpg. New York Times. https://static01.nyt.com/images/2020/04/01/business/01tmobile-01/01tmobile-01-mediumSquareAt3X.jpg
T-Mobile. (2023). Consumer Sample.pdf. In Data Breach Notifications. Office of the Maine Attorney General. Retrieved May 3, 2023, from https://apps.web.maine.gov/online/aeviewer/ME/40/ea3bf342-eca7-4833-b128-7b09f6893ac4/00363120-37a5-4248-aa8c-0be84d146071/document.html
Volynsky, G. (2023). Data Breach Notifications. In Privacy, Identity Theft and Data Security Breaches. Office of the Maine Attorney General. Retrieved May 3, 2023, from https://apps.web.maine.gov/online/aeviewer/ME/40/ea3bf342-eca7-4833-b128-7b09f6893ac4.shtml
