T-Mobile hacked by Chinese cyber espionage in major attack on US telecoms

Learn how to stay safe amid the rise in telecom data breaches

by Kurt Knutsson

The telecom industry is one of cybercriminals’ favorite targets, likely because of the sensitive data it stores. Your carrier knows what you search on the web, which websites you visit, who you call, and what you text. This type of information is valuable not only to hackers but also to governments. That’s probably why US phone giant T-Mobile was hacked as part of a broad cyberattack on domestic and international phone and internet companies in recent months.

 

What you need to know

There was unauthorized access to a limited number of T-Mobile routers using methods indicative of a major Chinese cyber-espionage operation, but T-Mobile’s layered defenses and security monitoring enabled T-Mobile to quickly identify and shut down the threat.

The report revealed that hackers connected to a Chinese intelligence agency breached T-Mobile as part of a months-long effort to spy on the cellphone communications of high-value intelligence targets. The report did not specify when the attack occurred, but T-Mobile says that no customer calls or communication records were stolen.

The US government also confirmed earlier this month that Chinese hackers breached multiple US telecommunications service providers to access wiretap systems used by law enforcement for surveillance of Americans. Wiretap systems allow law enforcement agencies to monitor phone calls, text messages, and internet communications as part of investigations, typically with a warrant. 

CISA (Cybersecurity and Infrastructure Security Agency) and the FBI issued a joint statement revealing “a broad and significant” cyber espionage campaign. The statement disclosed that PRC-affiliated hackers had breached networks at “multiple telecommunications companies” across the United States. While CISA and the FBI did not name the organizations affected, multiple reports suggest that T-Mobile, AT&T, Lumen (formerly CenturyLink), and Verizon are likely on the list.

WSJ reported in October that Chinese hackers had access to the networks “for months or longer,” enabling them to collect “internet traffic from internet service providers that count businesses large and small, and millions of Americans, as their customers.”

T-Mobile’s many data breaches

T-Mobile has faced several hacks in recent years. In 2021, a malicious actor breached T-Mobile’s lab environment by posing as a legitimate connection to an unidentified piece of equipment. The hacker guessed passwords for multiple servers and moved laterally through the network, ultimately stealing personal data—including names, addresses, Social Security numbers, and driver’s license IDs—from tens of millions of customers.

In 2022, T-Mobile experienced another breach when a malicious actor used SIM-swapping, phishing, and other tactics to infiltrate the company’s internal platform for managing mobile resellers who serve T-Mobile customers.

The troubles continued into 2023. Early in the year, hackers used phished credentials from dozens of T-Mobile retail employees to access a sales application originally set up during the COVID-19 pandemic for remote viewing of customer data. Then, in January 2023, a misconfigured application programming interface (API) exposed personal data for 37 million current customers, marking yet another significant security lapse.

T-Mobile’s response

When CyberGuy reached out to T-Mobile regarding the latest security incident, a spokesperson provided the following statement:

T-Mobile is closely monitoring this industry-wide attack. Due to our security controls, network structure and diligent monitoring and response we have seen no significant impacts to T-Mobile systems or data. We have no evidence of access or exfiltration of any customer or other sensitive information as other companies may have experienced. We will continue to monitor this closely, working with industry peers and the relevant authorities.

 

5 ways to stay safe amid the rise in telecom data breaches

1) Change your passwords regularly: Make it a habit to update your passwords every few months, especially for your telecom accounts and related services. Use strong, unique passwords that include a mix of letters, numbers, and symbols. Password managers can help you generate and store these securely.

 

2) Invest in personal data removal services: Consider services that scrub your personal information from public databases. This reduces the chances of your data being exploited in phishing or other cyberattacks after a breach.

A service like Incogni can help you remove all this personal information from the internet. It has a very clean interface and will scan 195 websites for your information and remove it and keep it removed.

Special for CyberGuy readers (60% off): Incogni offers a 30-day money-back guarantee and then charges a special CyberGuy discount, available only through the links in this article, of $5.99/month for one person (billed annually) or $13.19/month for your family (up to 4 people) on its annual plan. This gets you a fully automated data removal service, including recurring removal from 190+ data brokers.

3) Use identity theft protection: Identity theft protection services monitor your accounts for unusual activity, alert you to potential threats, and can even assist in resolving issues if your data is compromised.

My top recommendation is Identity Guard. One of the best parts of using Identity Guard is that they might include identity theft insurance of up to 1 million dollars to cover losses and legal fees and a white glove fraud resolution team where a US-based case manager helps you recover any losses.

Exclusive CyberGuy deal: 66% off Ultra Annual Plans: Get the Identity Guard Ultra protection to protect your identity and credit for as little as $9.99/mo (lowest offered anywhere) for the first year. 

See my tips and best picks on how to protect yourself from identity theft.

4) Enable two-factor authentication (2FA): Add an extra layer of security to your telecom accounts with 2FA. This requires a second form of verification—like a text code or an app-based prompt—making it harder for hackers to access your accounts even if they have your password.

 

5) Guard against phishing scams with strong antivirus software: Be cautious about unsolicited calls, texts, or emails that ask for personal information or account access. Legitimate companies won’t ask for sensitive details this way. If something seems off, contact your telecom provider directly through official channels. Whatever you do, don’t click on links in these messages, as they can lead to scams or malware.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

My top pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package.  

Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android & iOS devices.

Kurt’s key takeaway

Telecom providers like T-Mobile and AT&T are frequent targets for hackers. Over the last two years, millions of Americans have had their data stolen—things like call records, text messages, and even personal details. The issue got so bad that the FCC stepped in, warning T-Mobile to step up its cybersecurity efforts. The company was fined about $30 million, split between a $15 million penalty and a mandatory $15 million investment in better security. Unfortunately, if the companies handling your data keep getting breached, there’s only so much you can do.

Do fines and penalties for telecom companies feel like enough of a deterrent, or should they face stricter consequences? Let us know in the comments below.

Copyright 2024 CyberGuy.com.  All rights reserved.  CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.


   

7 comments

SA November 19, 2024 - 6:44 am

I am so very grateful for your comprehensive help. 💖

Randy H. November 19, 2024 - 7:02 am

I think fines are enough but the amount should be significant, with ridiculous increases per violation. Rigid employee training should be mandated and verifiable, along with continuing to beef up internal web security measures.

Bill, J November 19, 2024 - 8:15 am

Let's see if I understand this. T-Mobile is hacked and data is stolen from millions of Americans. The government steps in after several breaches and tells them to clean up their act and then fines them 15 million which does not go back to those subject to the loss of their data. You realize T-Mobile made 48 BILLION dollars last year. 15 million is probably less than they spend in a year for paper clips and staples. Your solution is for the people affected by the breach to spend more money on anti-virus software, identity theft protection software and identity scrubbing software. Anyone suffering a data breach should be compensated for the purchase of this software by the company involved in the breach for at least 5 years and fines should get the companies' attention and cause some financial pain. Any fines should also be distributed to those involved in the data breach and not go to the government. When investors see profits drop due to management incompetency things will change.

Beto M. November 19, 2024 - 9:04 am

If our elected officials actually cared about the public they would have very tough regulations for any company collecting personal data. Apparently telecom, social media and internet sales companies donate more in cash and DATA than the public can ever hope to. It would take a massive outcry from the public to change things. Too many people have the attitude, “I have nothing to hide.” That might change when they face identity theft. Until it happens to them it’s not a problem.

John November 19, 2024 - 1:32 pm

Until the hackers are met with lethal responses, nothing will be done to slow or stop them.

Earl N November 19, 2024 - 5:09 pm

Fines and penalties are not enough. They should compensate those affected with more than a free subscription to a credit monitoring agency.

David November 19, 2024 - 7:40 pm

Govt needs to force all telecoms to greatly increase security (devote the resources) until any intrusions are rare and not preventable despite all efforts. I would pay a higher bill for more security. Fines should not be on co. stockholders but on Sr. Management and Security execs and maybe the Board. Really kick butt when there is a breach! Very angry about it!
