T-Mobile suffered a massive data breach in August 2023, exposing the personal information of 37 million customers, including names, billing addresses, emails, phone numbers, dates of birth, and account details. The breach originated from a malicious actor exploiting an API vulnerability, gaining unauthorized access to customer data over a month-long period. While T-Mobile confirmed no financial data (e.g., credit cards, SSNs) or passwords were stolen, the exposed information heightened risks of phishing, SIM-swapping, and identity fraud. The incident marked the ninth major breach for T-Mobile since 2018, raising concerns over its cybersecurity practices. Regulators and customers criticized the company’s failure to prevent recurring attacks, despite prior settlements and promises to bolster security. The breach’s scale and the sensitivity of leaked data though not financial posed significant reputational damage and operational disruptions, including customer churn and potential lawsuits.
Source: https://www.hunton.com/privacy-and-information-security-law/2025/11
TPRM report: https://www.rankiteo.com/company/t-mobile
"id": "t-m2604326110525",
"linkid": "t-mobile",
"type": "Breach",
"date": "6/2018",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{}