Original Release Date: 1/26/2023
On January 19, mobile telecommunications company T-Mobile posted a press release notifying users of a data breach that exposed the information of 37 million customer accounts. The breach, detected on January 5, resulted from a threat actor who had been accessing a T-Mobile Application Programming Interface (API) since at least November 25. The customer information obtained in the breach included full names, billing addresses, email information, phone numbers, dates of birth, account numbers, and service plan features.

In the release, T-Mobile characterized the stolen data as limited; however, the information accessed could be used to launch convincing phishing attacks against affected users to obtain additional information or trick victims into downloading malicious files. Additionally, an attacker could use the compromised information to conduct SIM swapping attacks, in which a threat actor uses a victim’s personal information to convince wireless carriers to transfer the information from the victim’s SIM card to one the attacker controls. A successful SIM swapping attack may allow the threat actor to log in to the victim’s other accounts through MFA, steal information, change password information, and extract funds.

The NJCCIC recommends that T-Mobile customers treat unexpected messages or emails from unverified senders with caution and remain vigilant for unexpected account activity or potential identity theft.