Security News

T-Mobile hit by data breaches from Lapsus$ extortion group. T-Mobile was the victim of a series of data breaches carried out by the Lapsus$ cybercrime group in March.

The company added that it has mitigated the breach by terminating the hacker's group access to its network and disabled the stolen credentials that were used in the breach. Using these credentials Lapsus$ members can get access to the company's internal tools like - Atlas an internal T-Mobile tool for managing customer accounts.

Telecom company T-Mobile on Friday confirmed that it was the victim of a security breach in March after the LAPSUS$ mercenary gang managed to gain access to its networks. "T-Mobile, in a statement, said that the incident occurred"several weeks ago, with the "Bad actor" using stolen credentials to access internal systems.

T-Mobile has confirmed that the Lapsus$ extortion gang breached its network "Several weeks ago" using stolen credentials and gained access to internal systems. Per T-Mobile, the Lapsus$ hackers didn't steal sensitive customer or government information during the incident.

An ongoing phishing campaign targets T-Mobile customers with malicious links using unblockable texts sent via SMS group messages. The New Jersey Cybersecurity & Communications Integration Cell issued a warning after multiple customers have filed reports of being targeted by this new SMS phishing campaign.

The New York State Office of the Attorney General warned victims of the August 2021 T-Mobile data breach that they faced identity theft risks after some of the stolen information ended up for sale on the dark web. The alert comes after individuals impacted in the incident were notified by identity theft protection services that their info was found online, demonstrating that affected consumers are now at heightened risk for identity theft.

T-Mobile confirmed that recent reports of a new data breach are linked to notifications sent to a "Very small number of customers" who fell victim to SIM swap attacks. SIM swapping makes it possible for attackers to take control of a target's mobile phone number by tricking or bribing the carrier's employees to reassign the numbers to attacker-controlled SIM cards.

T-Mobile says it blocked 21 billion scam, spam, and unwanted robocalls this year through its free Scam Shield robocall and scam protection service, amounting to an average of 1.8 billion scam calls identified or blocked every month. Last year, when it announced the Scam Shield service, T-Mobile said it could detect or block approximately 12 billion scam calls in 2019 and that around 30 million Americans fell victim to a phone scam within 12 months.

On Thursday, a 21-year-old US citizen claiming to be the attacker who stole data on more than 50 million T-Mobile customers called the telecom's security "Awful." As of Aug. 18, T-Mobile had estimated the total number of ripped-off records to be ~40 million: a number that rose to ~50 million on Aug. 20 and could double if the purported thief is true to his word.

Today, T-Mobile's CEO Mike Sievert said that the hacker behind the carrier's latest massive data breach brute forced his way through T-Mobile's network after gaining access to testing environments. Sievert added that, following an investigation supported by Mandiant security experts, the company closed the access points used by the hacker to breach T-Mobile's network.