Security News > 2023 > September > T-Mobile US exposes some customer data – but don't call it a breach
Infosec in brief T-Mobile has had another bad week on the infosec front - this time stemming from a system glitch that exposed customer account data, followed by allegations of another breach the carrier denied.
According to customers who complained of the issue on Reddit and X, the T-Mobile app was displaying other customers' data instead of their own - including the strangers' purchase history, credit card information, and address.
Note, as Reddit poster Jman100 JCMP did, T-Mobile means fewer than 100 customers had their data exposed - but far more appear to have been able to view those 100 customers' data.
As for the breach, the appearance of exposed T-Mobile data was alleged by malware repository vx-underground's X account.
The Register understands T-Mobile examined the data and determined that independently owned T-Mobile dealer, Connectivity Source, was the source - resulting from a breach it suffered in April.
Connectivity Source was indeed the subject of a breach in April, in which an unknown attacker made off with employee data including names and social security numbers - around 17,835 of them from across the US, where Connectivity appears to do business exclusively as a white-labelled T-Mobile retailer.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/09/25/tmobile_exposes_some_customer_data/
Related news
- SIM swap crooks solicit T-Mobile US, Verizon staff via text to do their dirty work (source)
- US cancer center data breach exposes info of 827,000 patients (source)
- Microsoft breach allowed Russian spies to steal emails from US government (source)
- T-Mobile, Verizon workers get texts offering $300 for SIM swaps (source)