T-Mobile has suffered another customer data breach, as reported earlier Monday by Bleeping Computer. While this one is very small — affecting just over 800 people — it follows a massive data breach impacting millions of people in January that prompted questions about T-Mobile’s cybersecurity track record.
The latest data breach for the nation’s second-largest wireless carrier occurred between Feb. 24 and March 30 and was discovered March 27. During a breach caused by hacking, 836 people had their names and driver’s license or identification card numbers stolen, as well as possibly their account PIN, Social Security number, date of birth, balance due and phone plan, among other details. Financial account information and call records were not breached.
“We notified a small number of customers that our systems and processes worked to detect and stop a bad actor who was accessing accounts using compromised credentials,” T-Mobile told CNET in an emailed statement. The carrier will continue investigating the breach to “expand the safeguards,” it said.
The breach follows T-Mobile in January saying a “bad actor” took advantage of one of its application programming interfaces to gain data on “approximately 37 million current postpaid and prepaid customer accounts.”
Another data breach in 2021 affected 54 million customers and led to a huge $500 million class-action settlement announced in January 2022 that just closed up applications for folks to get a piece of.
There were also a couple of breaches in December 2021 and November 2022.