T-Mobile November 2022 Data Breach

T-Mobile recently announced that they have been the victim of a data breach, in which a bad actor used a single Application Programming Interface (API) to obtain limited types of information on customer accounts. The company stated that as soon as the issue was identified, they shut it down within 24 hours. T-Mobile emphasized that their systems and policies prevented the most sensitive types of customer information from being accessed, and as a result, customer accounts and finances should not be put at risk directly by this event. Additionally, the company stated that there is no evidence that the bad actor breached or compromised T-Mobile’s network or systems.

While no information was obtained for impacted customers that would compromise the safety of customer accounts or finances, T-Mobile wants to be transparent with their customers and ensure they are aware. The company reported that no passwords, payment card information, social security numbers, government ID numbers or other financial account information were compromised. However, some basic customer information (nearly all of which is the type widely available in marketing databases or directories) was obtained, including name, billing address, email, phone number, date of birth, account number, and information such as the number of lines on the account and service plan features.

T-Mobile understands that an incident like this has an impact on their customers and regrets that this occurred. While the company, like any other company, is unfortunately not immune to this type of criminal activity, they plan to continue to make substantial, multi-year investments in strengthening their cybersecurity program. They have also advised customers to be vigilant of any suspicious activities and to report any suspicious calls or emails. T-Mobile is working with the authorities and cybersecurity experts to investigate the incident and to prevent similar breaches from happening in the future.