T-Mobile’s Hack Of 37 Million Users Leaves Black Community At Risk
Same script, different act, with T-Mobile as it revealed the second major breach in less than two years. A hacker was able to obtain customer data, including names, birth dates, and phone numbers, from 37 million accounts, according to a regulatory filing. When it comes to data breaches they are often more problematic for people of color living on fixed or low incomes, therefore mitigating widespread damage from this data breach to these communities is imperative for T-Mobile to restore consumer confidence.
The Breakdown You Need To Know:
T-Mobile believes the attacker first retrieved data around November 25th, 2022, through one of its APIs. However, this is nothing new for the telecom company as it has disclosed eight hacks since 2018, with previous breaches exposing customer call records in January 2021. CultureBanx reported the wireless carrier warned it could incur significant costs tied to the incident, though T-Mobile said it doesn’t currently expect a material effect on the company’s operations.
The company has more than 110 million customers and disclosed in August 2021 that the names, Social Security numbers and information from driver’s licenses or other identification of just over 40 million people who applied for T-Mobile credit were exposed in the data breach. Additionally, data for around 7.8 million monthly for phone service users also appeared to be compromised.
It’s important for the company to also understand how its data breach continues to impact vulnerable communities to allocate money towards fixing issues stemming from this incident. Currently it has 38% of the U.S. prepaid market, and if you look at the breakdown by race, 14% of T-Mobile users are Black, according to Nielsen.
Situations like these have a negative impact on Black people who are 53% more likely to claim a data breach led to a loss or decrease in business, according to a report from the Rand Corporation. People of color often fall victim to incorrect or stolen information that in turn can have long-term crippling effects.
The attacker had access to the exploited API for over a month, though it did not include any social security numbers, credit card information, government ID numbers, passwords, PINs, or financial information. T-Mobile claims it traced the source of the malicious activity and fixed the API exploit within a day of the detection.