T-Mobile welcomed Christmas with its second data breach in less than six months
UPDATE: The confirmation we've been waiting for has arrived, although as far as we can tell, T-Mobile has yet to put out any kind of official statement on this thorny matter on its website or social media channels. Instead, the "Un-carrier" responded to BleepingComputer's request for a reaction to the leaked documents from earlier this week, predictably highlighting the "very small number of customers" that were recently informed of one of two issues (or both at the same time) connected to their accounts.
Specifically, some folks "may have" had their SIM cards "illegally reassigned" while others' "limited account information was viewed" by a presumably unidentified bad actor. Just in case that doesn't sound scary enough, it sure looks like T-Mo still doesn't know exactly how all of this could have happened, disappointingly claiming that "unauthorized SIM swaps are unfortunately a common industry-wide occurrence" as if that would ever appease an impacted user.
For what it's worth, Magenta is insisting the "issue was quickly corrected", with "additional protective measures" then "proactively" being put in place to keep your data... as safe as possible going forward. Our original story follows below.
##
While the huge data breach identified back in August is likely to remain unrivaled (in the worst possible sense of the word) in the wireless industry for many years to come, T-Mo customers will undoubtedly be disappointed to hear their mobile network operator has recently experienced another bout of "unauthorized activity." Yes, already.
The good news is the account information viewed without authorization and presumably stolen this time around is not quite as extensive as during the previous breach, with no social security numbers, birth dates, or personal identification data compromised in any way, at least to Magenta's current (leaked) knowledge.
The even better news is the number of people impacted by the latest cyberattack seems to be a lot smaller than the tens of millions of current, former, and prospective T-Mobile subscribers that had to suffer the consequences of the carrier's negligence just a few months ago.
On the not so bright side of things, those who did have their accounts breached sometime over the last few weeks should be extremely worried of how their personal information has or will be unlawfully used in the future.
We're talking a "small number of customers" with billing account names, phone numbers, numbers of active lines, account numbers, rate plan names and MRCs (monthly recurring charges) compromised, as well as another "small number of customers" whose SIM cards were changed without permission.
Worse yet, a presumably smaller separate group of T-Mobile customers were impacted by both attack types, suffering a so-called SIM swap and losing control of all that personal info listed above with potentially catastrophic consequences.
For what it's worth, T-Mo did apparently reverse all the SIM swap incidents while notifying every single affected customer, which makes it a little weird that the new breach doesn't seem to be publicly acknowledged in any way, at least at the time of this writing.
Unfortunately, these small-scale incidents are actually pretty frequent occurrences in this day and age, but of course, T-Mobile will have to live with being scrutinized a little closer than usual for a while after this year's completely unprecedented hack.
Things that are NOT allowed: