Another major telco admits personal data was obtained by hackers who exploited a leaky API. 11% of all Americans are affected.
Argishti Khudaverdyan used phishing and social engineering to fool T‑Mobile employees into giving him access to corporate systems.
Pierce Gorman’s 34 years of engineering for T-Mobile and Sprint included a leading role in the creation of STIR/SHAKEN.
The mobile operator will also spend another $150mn on upgrading security following a 2021 privacy breach that compromised data relating to 76.6 million people.
Security researcher Brian Krebs reviewed leaked Telegram chats between two childish members of the LAPSUS$ hacker-extortion gang.
The mobile operator said hackers had compromised data for 7.8mn postpaid customers, 850,000 prepaid customers, and 40mn records for former or prospective customers.
An underground forum was used to advertise the sale of personal data that hackers claim to have stolen from T-Mobile servers.
Academics from Princeton found more than half the numbers they obtained could be linked to personal data about former users.
T-Mobile USA will pay the FCC’s largest fixed-amount civil penalty as redress for Sprint wrongly claiming Lifeline payments.
The FCC said a cascade of failures would have been prevented if T-Mobile USA had periodically audited the diversity of their networks.