Security News

T-Mobile hacked to steal data of 37 million accounts in API data breach
2023-01-19 22:19

T-Mobile disclosed a new data breach after a threat actor stole the personal information of 37 million current postpaid and prepaid customer accounts through one of its Application Programming...

T-Mobile hacker gets 10 years for $25 million phone unlock scheme
2022-12-18 15:03

Argishti Khudaverdyan, the former owner of a T-Mobile retail store, was sentenced to 10 years in prison for a $25 million scheme where he unlocked and unblocked cellphones by hacking into T-Mobile's internal systems. "Removing the unlock allowed the phones to be sold on the black market and enabled T-Mobile customers to stop using T-Mobile's services and thereby deprive T-Mobile of revenue generated from customers' service contracts and equipment installment plans."

Experian, T-Mobile US settle data spills for mere $16m
2022-11-08 17:00

Experian and T-Mobile have reached separate settlements with 40 US states following a pair of data breaches in 2012 and 2015. Experian will be bearing the largest brunt of the fine, with $14 million coming from the credit reporting company.

Ex-T-Mobile US store owner phished staff, raked in $25m from unlocking phones
2022-08-03 20:17

A now-former T-Mobile US store stole at least 50 employees' work credentials to run a phone unlocking and unblocking service that prosecutors said netted $25 million. Argishti Khudaverdyan, 44, of Burbank, California, was found guilty of 14 criminal charges [PDF] by a US federal jury on Friday.

Mobile store owner hacked T-Mobile employees to unlock phones
2022-08-02 15:02

A former owner of a T-Mobile retail store in California has been found guilty of a $25 million scheme where he illegally accessed T-Mobile's internal systems to unlock and unblock cell phones. "From August 2014 to June 2019, Khudaverdyan fraudulently unlocked and unblocked cellphones on T-Mobile's network, as well as the networks of Sprint, AT&T and other carriers," details the announcement of the U.S. Department of Justice.

T-Mobile US to cough up $550m after info stolen on 77m customers
2022-07-25 20:58

T-Mobile US has agreed to pay about $550 million to end legal action against it and improve its security after crooks infiltrated the self-described Un-carrier last summer and harvested personal data belonging to almost 77 million customers. The cellular network operator agreed to pay $350 million plus legal fees to settle a class-action lawsuit brought by customers whose data was compromised in an August 2021 privacy breach, according to documents filed with the US Securities and Exchange Commission on Friday.

T-Mobile to cough up $500 million over 2021 data breach
2022-07-25 18:20

Just under a year ago, the US arm of telecomms giant T-Mobile admitted to a data breach after personal information about its customers was offered for sale on an underground forum. At the time, VICE Magazine claimed to have communicated with the hacker behind the breach via online chat, and to have been offered "T-Mobile USA. Full customer info."

T-Mobile hit by data breaches from Lapsus$ extortion group
2022-04-25 19:59

T-Mobile hit by data breaches from Lapsus$ extortion group. T-Mobile was the victim of a series of data breaches carried out by the Lapsus$ cybercrime group in March.

Lapsus$ Hackers Target T-Mobile
2022-04-25 13:32

The company added that it has mitigated the breach by terminating the hacker's group access to its network and disabled the stolen credentials that were used in the breach. Using these credentials Lapsus$ members can get access to the company's internal tools like - Atlas an internal T-Mobile tool for managing customer accounts.

T-Mobile Admits Lapsus$ Hackers Gained Access to its Internal Tools and Source Code
2022-04-23 01:47

Telecom company T-Mobile on Friday confirmed that it was the victim of a security breach in March after the LAPSUS$ mercenary gang managed to gain access to its networks. "T-Mobile, in a statement, said that the incident occurred"several weeks ago, with the "Bad actor" using stolen credentials to access internal systems.