T-Mobile Data Breaches: Full Timeline Through 2023

The most recent T-Mobile data breach was reported in January 2023, when a bad actor accessed data on up to 37 million customer accounts.

Below is a full timeline of the T-Mobile data breaches through 2023, starting with the most recent.

January 2023: Hacker Uses API to Access Data on 37 Million Accounts

In January 2023, T-Mobile announced that a “bad actor” exploited an API vulnerability to obtain information from customer accounts. While the exact impact of the data breach isn’t known, up to 37 million postpaid and prepaid accounts are potentially affected.

On January 5, 2023, T-Mobile identified the malicious activity, which took place in November 2022, and contained the incident within 24 hours. The company states that no sensitive information, such as credit card numbers, was gathered by the attacker during the hack.

However, the company admits that some personally identifiable information, such as names, billing addresses, phone numbers, and emails, was breached. The company began notifying customers whose details were compromised in January 2023.

August 2021: Hackers Steal Data on Nearly 77 Million T-Mobile Customers

In August 2021, T-Mobile announced a data breach involving 40 million T-Mobile customers. Over time, the number of impacted customers climbed, ultimately reaching 76.6 million. Highly sensitive data was gathered by hackers, including names, Social Security numbers, and information from driver’s licenses.

The data featured a mix of records for current customers and for individuals who applied for credit with T-Mobile. Account numbers, phone numbers, passwords, PINs, and financial data like credit card numbers were not part of the breach.

In June 2022, T-Mobile agreed to a settlement on a class-action lawsuit filed by customers who were harmed in the breach. The wireless company agreed to pay $350 million to settle claims made by customers and an additional $150 million to improve its cybersecurity measures.

December 2020: Hackers Access Customer Information on 200,000 Accounts

In January 2021, T-Mobile announced a data breach that it detected in December 2020. The company detected unauthorized access to customer information and, once it identified the attack, took swift action to prevent further data acquisition.

In total, around 200,000 T-Mobile customers were impacted by the breach. The hack specifically involved “customer proprietary network information (CPNI),” such as phone numbers, the number of lines on accounts, and some call-related data. Customer names, email addresses, financial details, passwords, PINs, and Social Security numbers were not stolen during the incident.

March 2020: Hacker Accesses T-Mobile Employee Email Data

In March 2020, T-Mobile announced a data breach involving employee email accounts, some of which held data on T-Mobile customers and other employees. The wireless company believed the information gathered could have included names, addresses, phone numbers, account numbers, and more. Additionally, a group of users had more sensitive data – including Social Security numbers and financial information – compromised during the attack.

The number of impacted customers and employees wasn’t disclosed. However, notifications went out to customers and recommended specific security measures, such as updating passwords and PINs.

November 2019: Over 1 Million Prepaid T-Mobile Customers Impacted by Data Breach

In November 2019, T-Mobile announced a data breach involving more than 1 million prepaid customer accounts. Hackers accessed personal information, including names, addresses, phone numbers, and account numbers. Credit card information and Social Security numbers were not part of the breach. Additionally, passwords weren’t compromised.

The attack itself was detected in early November 2019, and T-Mobile took immediate action to halt it. The exact nature of the hack wasn’t disclosed, and T-Mobile didn’t state how long the information was exposed before the attack was identified.

August 2018: Data on 2 Million T-Mobile Subscribers Stolen

A relatively short attack occurred in August 2018, but it nonetheless exposed a significant amount of T-Mobile subscriber data. By exploiting a vulnerable API, hackers were able to gain access to a database and collect information on an estimated 2 million T-Mobile subscribers.

Customer names, account numbers, billing address zip codes, phone numbers, and email addresses were potentially exposed during the incident. Financial data and Social Security numbers weren’t stolen. Additionally, passwords weren’t accessed.

T-Mobile informed the impacted customers with relative speed, primarily recommending password changes and vigilance. The company also broadly recommended regular password changes as a security measure to all customers, regardless of whether they were impacted by the breach.

October 2017: Website Bug Exposes Customer Data

In October 2017, reports emerged about a website bug that exposed customer data by making it possible for hackers to gather information. Attackers simply needed to know or guess a customer’s phone number to obtain data, including account numbers, email addresses, and IMSIs, numbers that identify individual devices.

Using the flaw in the site, hackers could have potentially scraped data on any number of T-Mobile subscribers, which totaled around 70 million at the time of the incident. However, T-Mobile stated that only a small portion of its customer base was affected by the breach.

The issue was subsequently patched. However, hackers reported that the vulnerability may have been used more broadly than previously expected, potentially for SIM swapping or similar activities.

October 2015: Data on 15 Million T-Mobile Subscribers Stolen from Experian

While the incident, which was reported in October 2015, didn’t involve breaching T-Mobile systems, the impact directly hit the wireless company’s customers. Names, addresses, birth dates, Social Security numbers, driver’s license numbers, and passport numbers were compromised, with approximately 15 million T-Mobile customers being impacted.

Hackers breached the Experian network and collected T-Mobile data. The data was provided to Experian for the purpose of conducting credit checks on customers who wanted to finance phones or open up new accounts with the carrier.

The hack involved data provided by customers over the course of more than two years. All victims were notified by Experian and offered credit monitoring.

November 2009: Millions of T-Mobile Customer Records Stolen and Sold to Rival Companies

Reports emerged in November 2009, outlining a T-Mobile data breach impacting potentially millions of customers. Customer records were acquired and sold to rival carriers, giving them information about customers – including contract end dates – that companies could use to attempt to lure customers away from T-Mobile.

During an investigation, T-Mobile approached a watchdog group after identifying evidence that an employee was illegally selling customer data to others, primarily turning to brokers who would then resell the information. T-Mobile instituted safeguards to prevent similar activity in the future. The exact number of impacted customers wasn’t clear, but the total number of records reached into the millions.

About the Author

Catherine Reed

Catherine Reed is a writer and researcher with experience writing about a wide variety of topics including personal finance, technology, and staffing.
