T-Mobile revealed in a financial filing that a hacker accessed a trove of personal data belonging to 37 million customers, TechCrunch reported.
This marks the eighth time the tech giant has been hacked since 2018. T-Mobile says that the “bad actor” started stealing personal data which includes “name, billing address, email, phone number, date of birth, T-Mobile account number and information such as the number of lines on the account and plan features,” on November 25, 2022.
T-Mobile said in the SEC filing that it detected the breach over a full month later, on January 5, and that it fixed the problem that the hacker was exploiting within a day. The company also says that the hackers didn’t breach any company system but rather abused an application programming interface, or API.
“Our investigation is still ongoing, but the malicious activity appears to be fully contained at this time, and there is currently no evidence that the bad actor was able to breach or compromise our systems or our network,” the company wrote.
The T-Mobile news comes as the World Economic Forum (WEF) warns the current level of global instability could lead to a “catastrophic cyberattack” within the next two years, Cybersecurity Dive reports.
About 86% of business leaders believe such an event is possible, the WEF said, citing research in the Global Cybersecurity Outlook Report 2023. The report is a forecast based on surveys, interviews and workshops with more than 300 business leaders and security experts from around the globe. Accenture conducted the survey in conjunction with the WEF’s Centre for Cybersecurity.
Findings showed that there are rising fears about how the growing political instability across the globe, including events like Russia’s invasion of Ukraine, could result in such a catastrophic cyberattack. And, as the global supply chain became more dependent on automation following the COVID-19 pandemic, a large number of countries and private sector organizations lack the existing investment or the available number of workers to mitigate the impact of such an event.
Accenture chair and CEO Julie Sweet referenced data that showed 43% of business leaders said they expect such a cyber event to have a material impact on their businesses, while only 27% believe they are cyber resilient.
“The gap between cyber resilient companies and the likelihood of a materially catastrophic event is significant,” Sweet said.