Security News > 2023 > September > T-Mobile US exposes some customer data – but don't call it a breach

T-Mobile US exposes some customer data – but don't call it a breach
2023-09-25 02:31

Infosec in brief T-Mobile has had another bad week on the infosec front - this time stemming from a system glitch that exposed customer account data, followed by allegations of another breach the carrier denied.

According to customers who complained of the issue on Reddit and X, the T-Mobile app was displaying other customers' data instead of their own - including the strangers' purchase history, credit card information, and address.

Note, as Reddit poster Jman100 JCMP did, T-Mobile means fewer than 100 customers had their data exposed - but far more appear to have been able to view those 100 customers' data.

As for the breach, the appearance of exposed T-Mobile data was alleged by malware repository vx-underground's X account.

The Register understands T-Mobile examined the data and determined that independently owned T-Mobile dealer, Connectivity Source, was the source - resulting from a breach it suffered in April.

Connectivity Source was indeed the subject of a breach in April, in which an unknown attacker made off with employee data including names and social security numbers - around 17,835 of them from across the US, where Connectivity appears to do business exclusively as a white-labelled T-Mobile retailer.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/09/25/tmobile_exposes_some_customer_data/