Multiple T-Mobile USA customers have gone to social media to report seeing the sensitive information of other customers when logging in to view their personal account.
The leaked data includes credit card balances, purchase history, credit card information, device IDs, and home addresses. The issue was initially severe enough that the T-Mobile subreddit requested users to stop sharing information via social media.
“ATTENTION: We are aware of the security issue going on. For security reasons, we are not allowing posts on the topic,” the post read. “Please do not post any information about the ongoing issue. We’re waiting to hear from T-Mobile and do not want to exacerbate the issue.”
As of Sept. 20, T-Mobile said that the issue has been resolved and was due to a “technology update” glitch.
“There was no cyberattack or breach at T-Mobile. This was a temporary system glitch related to a planned overnight technology update involving limited account information for fewer than 100 customers, which was quickly resolved,” said Tara Darrow, T-Mobile spokesperson, in a statement.
While this may come as a relief for some, to others it may only further raise concerns about whether T-Mobile has questionable cybersecurity safeguards, due to the company facing multiple breaches this year alone. January, T-Mobile fell victim to a breach that exposed 37 million customers’ data, which went on to also affect customers of Google Fi. This past May, the company yet again faced an attack that started in February and ended in March, affecting 836 customers.
And of course, the telecom operator suffered a data breach in 2021 that affected 47 million people, ultimately leading to a class-action lawsuit and a $500 million settlement. And last year, T-Mobile agreed to pay a settlement of $2.5 million as restitution for its role in the 2015 Experian data breach, which affected 15 million prospective T-Mobile customers.