Security News > 2023 > September > T-Mobile US exposes some customer data – but don't call it a breach
Infosec in brief T-Mobile has had another bad week on the infosec front - this time stemming from a system glitch that exposed customer account data, followed by allegations of another breach the carrier denied.
According to customers who complained of the issue on Reddit and X, the T-Mobile app was displaying other customers' data instead of their own - including the strangers' purchase history, credit card information, and address.
Note, as Reddit poster Jman100 JCMP did, T-Mobile means fewer than 100 customers had their data exposed - but far more appear to have been able to view those 100 customers' data.
As for the breach, the appearance of exposed T-Mobile data was alleged by malware repository vx-underground's X account.
The Register understands T-Mobile examined the data and determined that independently owned T-Mobile dealer, Connectivity Source, was the source - resulting from a breach it suffered in April.
Connectivity Source was indeed the subject of a breach in April, in which an unknown attacker made off with employee data including names and social security numbers - around 17,835 of them from across the US, where Connectivity appears to do business exclusively as a white-labelled T-Mobile retailer.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/09/25/tmobile_exposes_some_customer_data/
Related news
- T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears (source)
- T-Mobile US fined $31.5M for network security breaches between 2021 and 2023 (source)
- T-Mobile pays $31.5 million FCC settlement over 4 data breaches (source)
- US lawmakers seek answers on alleged Salt Typhoon breach of telecom giants (source)
- T-Mobile confirms it was hacked in recent wave of telecom breaches (source)
- US space tech giant Maxar discloses employee data breach (source)
- Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign (source)