Cyber Incident Victim: T-Mobile US

Date: Dec 2020

Location: United States of America

Summary

T-Mobile experienced a security breach where attackers accessed customer proprietary network information, including phone numbers, call records, and account line counts, but did not compromise names, addresses, financial data, or passwords. The company detected malicious unauthorized access and warned affected customers to watch for phishing attempts. This incident follows prior breaches affecting customer information in preceding years.

Description

T-Mobile publicly disclosed a data breach on December 30, 2020, following the discovery of unauthorized access to customer proprietary network information (CPNI). The company's security team identified malicious activity on its systems and subsequently engaged an external cybersecurity firm to conduct a forensic investigation. This investigation confirmed that threat actors had infiltrated systems containing telecommunications usage data generated by customers. T-Mobile initiated customer notifications via text messages starting December 29, 2020, alerting affected individuals about the security incident. The compromised information included customer phone numbers, details about the number of lines associated with each account, and in certain cases, call-related information collected during normal service operations. T-Mobile emphasized that the breach exclusively involved CPNI as defined by Federal Communications Commission regulations, which encompasses data inherent to telecommunications service provision. The company's notification clarified that the intrusion did not result from customer actions but represented a failure of T-Mobile's internal security measures.

The breach exposed operational metadata but did not compromise personally identifiable information or financial data. Specifically excluded from the accessed records were account holder names, physical addresses, email addresses, payment card details, Social Security numbers, tax identification numbers, and authentication credentials such as passwords or PINs. T-Mobile warned affected customers to remain vigilant against smishing (SMS phishing) attempts that might leverage stolen phone numbers to impersonate the company, particularly messages requesting sensitive information or containing links to external websites. This incident marked at least the fourth major security event for T-Mobile within three years, following breaches in 2018 affecting general customer data, a 2019 incident targeting prepaid account holders, and a March 2020 compromise that exposed both customer and financial information. The company provided no details regarding the number of affected accounts, intrusion methods, or specific remediation steps beyond the initial notification and recommendation for customer vigilance against phishing attempts.
