T-Mobile Data Breaches


T-Mobile has reported eight data breaches since 2018  

This page explains how these data breaches happened, and the consequences for the affected customers. 

February 2023 T-Mobile data breach 

T-Mobile disclosed a data breach after attackers managed to access the personal information of hundreds of customers for more than a month. The breach took place between late February 2023 and March 2023 and exposed information that put the affected customers at risk of identity theft and phishing attacks. Over 800 T-Mobile customers were affected by this breach. No financial account information or call records were affected 

January 2023 T-Mobile data breach

In January 2023 a hacker stole the personal information of 37 million current T-Mobile postpaid and prepaid customers. The attack took place between 25 November 2022 and 5 January 2023 when a bad actor gained access to its servers and stole user data. 

The stolen data included customer names, billing addresses, emails, phone numbers, dates of birth, T-Mobile account numbers and some account and plan features. 

Google also alerted Google Fi customers that their data was stolen as part of the T-Mobile data breach. Google Fi uses T-Mobile’s network.   

April 2022 T-Mobile data breach

In April 2022, T-Mobile confirmed that the Lapsus$ extortion gang had breached its network and gained access to its internal systems. It did this by using stolen credentials. The hackers managed to steal T-Mobile’s source code in a series of breaches that took place in March that year. 

August 2021 T-Mobile data breach

In August 2021, T-Mobile admitted that, once again, hackers had accessed its systems. The confirmation of the latest T-Mobile breach came after some customer data was found for sale on a cybercriminal forum. The seller asked for 6 bitcoin (around £203,000) for a 30 million subset of the data. The seller claimed to be selling the rest of the data privately. According to the seller, the stolen data included the social security numbers, phone numbers, names, physical addresses, unique IMEI (International Mobile Equipment Identity) numbers, and driver license numbers.  

The breach happened after a hacker brute forced his way through T-Mobile’s network. The hacker then stole data belonging to 54.6 million current, former, or prospective customers. The 21-year-old who claimed responsibility for the hack said that T-Mobile had unprotected routers and weak spots in its internet addresses.  

February 2021 T-Mobile data breach

T-Mobile disclosed another data breach in early 2021 after an unknown number of customers were affected by SIM hijacking. This happens when scammers take control of an individual’s phone number. Once a SIM is hijacked, the criminals receive all messages and calls intended for the victim. This makes it easy for criminals to bypass security systems, steal further data, and take over online accounts

December 2020 T-Mobile data breach

In December 2020, T-Mobile announced another data breach, this time exposing the proprietary network information (CPNI) of its customers. This information included phone numbers and call records. 

Following the breach T-Mobile made the following statement: “Our Cybersecurity team recently discovered and shut down malicious, unauthorized access to some information related to your T-Mobile account. We immediately started an investigation, with assistance from leading cybersecurity forensics experts, to determine what happened and what information was involved”. 

March 2020 T-Mobile data breach

In March 2020, a data breach at T-Mobile exposed the personal and financial information of employees. According to T-Mobile, its email vendor was hacked, and this gave an unauthorised person access to its employee’s email accounts. Some of the hacked email accounts contained T-Mobile customer information. 

2019 T-Mobile data breach

In November 2019, T-Mobile suffered a severe data breach. Over a million pre-paid customers were believed to be affected. According to T-Mobile, the following data might have been exposed in the data breach: 

  • names 
  • phone numbers 
  • billing addresses 
  • account numbers 
  • rates, plans and calling features 

T-Mobile was very unforthcoming about the data hack and did not provide additional information about the hack at the time of the breach. 

For victims of the data breach, this stance was both unhelpful and potentially dangerous. Without the full picture, T-Mobile customers remained at risk as the stolen information could have been used by cybercriminals to commit fraud/identity theft and other crimes.   

2018 T-Mobile data breach

In 2018, the mobile carrier experienced a data breach that exposed the information of around 3% of all T-Mobile customers. In total, around 3.9 million customers were believed to be affected. The 2018 T-Mobile data breach compromised customer names, billing addresses, dates of birth, phone numbers, email addresses, account numbers, and account types. T-Mobile subsequently admitted that encrypted passwords were also stolen. 

Is T-Mobile taking data protection seriously enough?

Commenting on the issue of repeat data protection failures, Kingsley Hayes said: 

“An increasing number of companies like T-Mobile are experiencing multiple security breaches. And, where there is a pattern of violations, there are likely to be significant security issues at play. Cybercriminals are smart, and they understand this and are ready and able to exploit such vulnerabilities. 

“Fraudsters have come to understand the value of data and recognise that they can use personal information to commit theft and other crimes. However, while hackers know the importance of data, companies either do not or are not prepared enough. Indeed, with so many big organisations experiencing multiple security incidents, at best we could argue that big companies are not learning effectively from their security mistakes. Others might say they do not care. 

 “The truth is, in many cases, organisations are lucky that they have not suffered more data attacks. Because, when you adopt a reactive “break-fix” approach rather than a proactive security-first approach, it’s only a matter of time before something else goes wrong”.