Attack Case Study

T-Mobile
 T-Mobile discovered on August 17, 2021, that
a bad actor had obtained personal data
unlawfully. Initially, the bad actor was able to
access T-infrastructure Mobile's on
preferably by July 19, 2021. We have
Attack Category: confirmed that a portion of T-Mobile data
Security Data Breach had been accessed and/or obtained by
unauthorized people, and the data stolen
from our systems did contain some personal
information. However, our investigation is
still ongoing. You may find the most recent
information on the affected data here.
According to a statement from the mobile service provider, the investigation
into the data breach began last week when the company was "advised of
accusations made in an online forum that a bad actor had hacked T-Mobile
systems. "According to the business, the stolen files contained data on more
than 40 million past or potential customers who had applied for credit with the
company, as well as information on about 7.8 million existing T-Mobile
accounts. First and last names, social security numbers, driver's licence
numbers, and other details about consumers were among the data that was
exposed, according to T-Mobile. The PINs of around 850,000 current prepaid
consumers were also included.
 More than 40 million people's personal information was made public
1 due to a cyberattack on T-Mobile.

The access point that we suspect was utilised to unlawfully access our
2 servers was then discovered and shut down immediately.

To anyone who thinks they may be impacted, McAfee is providing two

3 years of free identity protection services with its ID Theft Protection
Timeline Service.
Company Name Attack urging all eligible T-Mobile users to sign up for free scam-blocking
4 protection through Scam Shield
With our Account Takeover Protection capabilities, we give postpaid
5 clients an additional layer of security for their mobile accounts, making
it more difficult for accounts to be fraudulently moved out and stolen.
The names, phone numbers, and account PINs of about 850,000 active
6 T-Mobile prepaid customers were disclosed.

The mobile operator
disclosed that the leaked
data includes full names,
dates of birth, SSNs, and
driver's license/ID
information for over 40
million previous or
potential customers who
had applied for credit with
T-Mobile in addition to 7.8
million current T-Mobile
Vulnerabilities postpaid users. For these
people, no phone
SMS phishing
SMS Phishing assaults could
be carried out using SMS.
messages sent under the
cellphone operator's name. In
the instance of the 48 million
current, former, and potential
T-Mobile users whose
personal information was
exposed, initially.
SIM swapping
SIM swapping is an additional
assault specialized to phone
users. This occurs when an
attacker is successful in
getting a mobile operator to
link a victim's phone number
to a SIM card that is in their
possession so that the attacker
can receive all of the victim's
calls and texts.

numbers, account
numbers, PINs,
passwords, or financial Victim profiles
details were disclosed.
Unfortunately, 850,000 The more breaches occur, the easier it is for attackers to
active T-Mobile prepaid
customers' names, build complete victim profiles and launch attacks that
contact information, and are increasingly hard to detect by both companies and
account PINs were made users.
public.
 Costs Prevention
• Given that the average cost of a data breach has • A free two-year subscription to McAfee's ID Theft
increased to more than $1.5 million, the mobile Protection Program, which includes credit
operator may incur significant costs as a result of monitoring and full-service identity theft
the data breach 4.7 million dollars. protection, is being made available to all impacted
• According to the US, hackers stole the information T-Mobile users.repair, identity protection,
on 7.8 million postpaid service customers. surveillance of the dark web, and more.
Together with more than 40 million records of • All T-Mobile customers can use the company's
previous or potential consumers, the data of Scam Shield app, which enables caller ID and
roughly 850,000 prepaid users was also automatically rejects calls marked as frauds.
compromised. Business and postpaid customers can also use
TMobile's free Account Takeover Protection
service.