A recent filing with the United States Securities and Exchange Commission (SEC) shows that T-Mobile suffered another data breach. As a result of the security failure, a hacker was able to access the personal information of approximately 37 million customers. The attack reportedly occurred on November 25 but was not discovered until early this year.
The national data privacy and class action law firm Levin Law, P.A. (“Levin Law”) continues to investigate security failures from major telecommunications companies across the country including the most recent T-Mobile data breach. If you received a notice that your information was accessed without your authorization, contact Levin Law at (305) 402-9050 or email firstname.lastname@example.org for a free case evaluation.
According to a January 19, 2023 filing with the SEC, T-Mobile experienced a significant data breach affecting approximately 37 million customer accounts. As noted in the filing, the telecom company discovered that a “bad actor” had gained unauthorized access to customer accounts through an “Application Programming Interface” or API.
The hacker reportedly first retrieved personal data using the API on or around November 25, 2022. It is believed that the bad actor had access to information including customer names, addresses, emails, phone numbers, and birth dates. Furthermore, the unauthorized user may have been able to access T-Mobile account numbers and account information.
T-Mobile says that they are continuing to investigate the security failure and have retained external cybersecurity experts. Individuals affected by the data breach are strongly encouraged to speak to a cybersecurity and data privacy litigation lawyer today.
It is not the first time that the mobile provider has experienced a major security breach. As we previously discussed, T-Mobile made headlines when a hacker was able to gain access to the personal information of over 50 million users. The cyberattack reportedly enabled hackers to engage in SIM-swapping scams which resulted in millions of dollars in losses to certain cryptocurrency holders.
The hacker was eventually revealed to be a 21-year-old American residing in Turkey. Allegations at the time included that the mobile carrier failed to provide adequate security to protect its customers from the attack. It is believed that the data breach allowed the hacker to gain access to critical information including customer PINs, IMEI (International Mobile Equipment Identity), and IMSIs (International Mobile Subscriber Identity).
In a Wall Street Journal interview, the hacker described the fatal flaw in the company’s security which allowed him to gain unauthorized access to customer accounts. It is unclear whether the same “flaw” allowed bad actors to again infiltrate T-Mobile’s system.
If you were one of the millions that were affected by T-Mobile’s most recent security breach or another cybersecurity incident, contact Levin Law P.A. for a free case evaluation. Call (305) 402-9050 or email Levin Law founder and managing attorney Brian Levin directly at email@example.com.
Most cases are handled on a contingency fee basis, meaning that clients are not obligated to pay Levin Law’s attorney fees unless money is recovered on their behalf.
Levin Law is a premier national cryptocurrency, securities, commodities, futures, and class action law firm. Brian Levin, Levin Law’s founding attorney, has helped recover in excess of $150,000,000 through arbitration and litigation for individual and institutional investors throughout the country and the rest of the world. Levin Law represents retirees, individual investors, high-net-worth investors, ultra-high-net-worth investors, institutions, family offices, trusts, publicly held companies, and others.