T-Mobile has had so many data breaches over the years that it’s somewhat understandable that people may rush to assume that something is a breach of their system when it was not.
This week, we heard of two situations like that. The first involved customers reporting that after they logged in to T-Mobile’s app, they could see other customers’ billing and account information. Although the reports seemed to mushroom in social media coverage, T-Mobile issued a statement to The Verge that said the issue was neither a cyberattack nor a breach at T-Mobile. They claimed it was a temporary “technology update” glitch that affected fewer than 100 customers. So maybe not a breach, but a leak due to a temporary vulnerability?
Then there was a second concern this week about a breach when a forum user posted data on BreachForums that was described as being from a T-Mobile breach in April 2023. But according to T-Mobile, the data were not from their system. T-Mobile told BleepingComputer that the leaked data is believed to belong to an authorized retailer breach earlier this year. “The data being referred to online is believed to be related to an independently owned authorized retailer from their incident earlier this year. T-Mobile employee data was not exposed,” T-Mobile told BleepingComputer.