msp responder, t-mobile hack, t-mobile data breach, t-mobile cyberattack

The MSP Responder: T-Mobile Data Breach

What Happened?

On August 17, 2021, T-Mobile learned that an organized cybercriminal posted on a known crime forum that they had come into possession of millions of T-Mobile customer records. Such records were identified as customer account names, phone numbers and the IMEI numbers of phones on the account.

What Was Affected?

T-Mobile would later confirm in a post to its site regarding the hack that the primary data stolen included names, drivers’ licenses, government identification numbers, Social Security numbers, dates of birth, and T-Mobile account PINs.

According to T-Mobile’s report regarding the hack, they explain that “approximately 7.8 million current T-Mobile postpaid customer accounts’ information appears to be contained in the stolen files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile.”

T-Mobile said it immediately closed the access point where they believed the cyberattack originated and confirmed that no phone numbers, account numbers or passwords were compromised for current or prospective customers, and that there was no indication that financial, credit card or other payment information had been stolen.

The price tag on the stolen data amounted to $270,000.

T-Mobile Has Been a Target Before.

The August 2021 hack was only the most recent case in a history of T-Mobile attacks.

In 2018, a similar hack occurred, this time affecting two million customers. The data compromised during that breach was personal account data like phone numbers, email addresses and account numbers.

In 2019, T-Mobile’s email vendor was hacked, opening the door to both customer and employee personal information.

How Can I Prevent a Data Breach for My Users?

While no phishing software is 100% effective, we strongly encourage you to add email security as a critical part of your security stack. Other tactics like end user training, email encryption, and implementing MFA are key pieces to keeping your data safe.

Here’s how to Select the Best Phishing Protection Solution for Your Users.

Preventing Ransomware Attacks eBook (PDF)

Read an in-depth summary where we look at several recent ransomware attacks to break down exactly what happened, which ransomware prevention plans worked, and which ones didn’t hold up when it mattered the most.

Want to receive more information like this?

Mailprotector strives to help MSPs keep organizations safe. In doing so, we like to send occasional information on cybersecurity-related news events. As an email security company, we promise not to over-share!

Stay aware of email threats

Get notified whenever a new MSP Responder article is published: