In T-Mobile related news this week, a faulty update exposed customer data, and T-Mobile authorized retailer Connectivity Source suffered a data breach.
Faulty update mix-up
The faulty T-Mobile update resulted in customers seeing other users’ sensitive data when logged in to their T-Mobile accounts.
According to The Verge, who first broke the story on Wednesday, the exposed data included customers’ “credit balance, purchase history, credit card information, and home address.”
T-Mobile, in a statement to The Verge, downplayed the leak, indicating that “fewer than 100 customers” were affected and that the problem “was quickly resolved.”
Stolen Employee Data
Researchers from VX Underground announced yesterday in a post on X (formerly Twitter) that 90 GB of personal identifiable information, including names, email addresses and partial SSNs, belonging to T-Mobile employees was stolen and leaked online.
In a follow up post, VX Underground shared that the breach allegedly occurred back in April 2023, although the stolen data was first leaked yesterday. The data was shared on BreachForum, as well as in Telegram channels.
However, although VX Underground identified the data as belonging to T-Mobile employees, the BreachForum post described its source as “T-Mobile, Connectivity Source.” Connectivity Source is an authorized T-Mobile retailer.
T-Mobile further clarified the situation in an email statement to Safe Not Scammed:
“There has not been a T-Mobile data breach. The data being referred to online is believed to be related to an independently owned authorized retailer from their incident earlier this year. T-Mobile employee data was not exposed.”
A history of leaks
While the stolen employee data is not from T-Mobile, the wireless carrier is unfortunately no stranger to data leaks. Back in March, hackers stole sensitive information from 836 of the wireless carrier’s customers. And in January, a leaky API allowed hackers to steal information from 37 million T-Mobile users.