Data Breach

T-Mobile Data Breach

76.6M records exposed • August 2021

A hacker found an unlocked door (a vulnerable API) in T-Mobile's systems and walked out with the personal data of 76 million people - that's nearly 1 in 4 Americans. Names, Social Security numbers, driver's licenses, all of it. T-Mobile has been breached multiple times, making this a pattern, not a one-time mistake.

What Happened

In August 2021, T-Mobile suffered one of the largest data breaches in telecom history. A hacker exploited an unprotected API to access personal data of over 76 million current, former, and prospective customers. This was not T-Mobile's first breach - they've experienced multiple security incidents between 2018-2023.

Attack method: API vulnerability exploitation

What Data Was Exposed

Full names, Social Security numbers, Driver's license numbers, Phone numbers, Addresses, Dates of birth, IMEI numbers, Account PINs

Is your business exposed?

What to Do If You're Affected

  1. 1.

    Check if you were affected at haveibeenpwned.com

    Have I Been Pwned

  2. 2.

    Freeze your credit with all three bureaus

  3. 3.

    Change your T-Mobile account PIN

  4. 4.

    Set up a SIM swap protection PIN with your carrier

  5. 5.

    Monitor your credit reports for suspicious activity

    AnnualCreditReport.com

  6. 6.

    Watch for phishing attempts using your stolen data

  7. 7.

    Consider an identity theft protection service

Lessons for Businesses

  • APIs need the same security scrutiny as any other system entry point
  • Regular security audits and penetration testing are essential
  • Companies that experience repeated breaches may have systemic security issues
  • Customers should assume their data may be compromised and act accordingly

Sources

Related Breaches

Att 2024, Verizon 2017, Sprint 2019

Is your business exposed?

Check if your company data is circulating on the dark web

Free scan • No credit card required

Privacy PolicyYour Privacy Choices