T-Mobile suffered a **massive data breach** in August 2023, exposing the personal information of **37 million customers**, including names, billing addresses, emails, phone numbers, dates of birth, and account details. The breach originated from a malicious actor exploiting an API vulnerability, gaining unauthorized access to customer data over a month-long period. While T-Mobile confirmed no financial data (e.g., credit cards, SSNs) or passwords were stolen, the exposed information heightened risks of **phishing, SIM-swapping, and identity fraud**. The incident marked the **ninth major breach** for T-Mobile since 2018, raising concerns over its cybersecurity practices. Regulators and customers criticized the company’s failure to prevent recurring attacks, despite prior settlements and promises to bolster security. The breach’s scale and the sensitivity of leaked data—though not financial—posed **significant reputational damage** and operational disruptions, including customer churn and potential lawsuits.
Source: https://www.hunton.com/privacy-and-information-security-law/2025/11
TPRM report: https://www.rankiteo.com/company/t-mobile
"id": "t-m2604326110525",
"linkid": "t-mobile",
"type": "Breach",
"date": "6/2018",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{}