T-Mobile Confirms Insider Breach Exposing Sensitive Customer Data
T-Mobile has disclosed a recent insider breach involving unauthorized access to a single customer’s sensitive information. According to a filing with the Maine Attorney General’s Office, the compromised data included the victim’s full name, physical and email addresses, birthdate, account number, phone number, T-Mobile account PIN, Social Security number, and driver’s license number.
A T-Mobile spokesperson confirmed that the incident stemmed from a vendor employee improperly accessing the customer’s records. The company emphasized that no credentials were compromised and that law enforcement and the affected individual were promptly notified. The breach appears to be an isolated case, though questions remain about whether the reported "1" affected account was a placeholder in initial disclosures.
This incident follows a string of high-profile security failures at T-Mobile, including a 2023 API exploitation attack that exposed 37 million customer accounts. The company continues to face scrutiny over its data protection practices.
Source: https://www.scworld.com/brief/data-breach-notice-clarified-by-t-mobile
T-Mobile cybersecurity rating report: https://www.rankiteo.com/company/t-mobile
"id": "T-M1775514990",
"linkid": "t-mobile",
"type": "Breach",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '1',
'industry': 'Telecommunications',
'name': 'T-Mobile',
'type': 'Telecommunications'}],
'attack_vector': 'Insider Threat',
'customer_advisories': 'Affected individual notified',
'data_breach': {'number_of_records_exposed': '1',
'personally_identifiable_information': 'Full name, physical '
'and email addresses, '
'birthdate, account '
'number, phone number, '
'T-Mobile account PIN, '
'Social Security '
'number, driver’s '
'license number',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personally Identifiable '
'Information (PII)'},
'description': 'T-Mobile has disclosed a recent insider breach involving '
'unauthorized access to a single customer’s sensitive '
'information. The compromised data included the victim’s full '
'name, physical and email addresses, birthdate, account '
'number, phone number, T-Mobile account PIN, Social Security '
'number, and driver’s license number. The incident stemmed '
'from a vendor employee improperly accessing the customer’s '
'records.',
'impact': {'brand_reputation_impact': 'High',
'data_compromised': 'Full name, physical and email addresses, '
'birthdate, account number, phone number, '
'T-Mobile account PIN, Social Security number, '
'driver’s license number',
'identity_theft_risk': 'High'},
'post_incident_analysis': {'root_causes': 'Vendor employee improperly '
'accessing customer records'},
'references': [{'source': 'Maine Attorney General’s Office'}],
'regulatory_compliance': {'regulatory_notifications': 'Filing with Maine '
'Attorney General’s '
'Office'},
'response': {'communication_strategy': 'Public disclosure via filing with '
'Maine Attorney General’s Office',
'law_enforcement_notified': 'Yes'},
'threat_actor': 'Vendor Employee',
'title': 'T-Mobile Insider Breach Exposing Sensitive Customer Data',
'type': 'Insider Breach'}