T-Mobile Says Customer Data Was Not Exposed in Recent Cyberattack

Published on November 28, 2024
Written by:
Lore Apostol
Lore Apostol
Cybersecurity & Streaming Writer

T-Mobile announced on Wednesday that they successfully thwarted a recent cyberattack, preventing unauthorized access to sensitive customer data. T-Mobile says it severed the connection to the compromised network, halting the attackers’ progress and protecting customer information. 

Jeff Simon, T-Mobile's Chief Security Officer, confirmed in a blog post that the company detected malicious activity originating from an unspecified wireline provider's network, which was connected to T-Mobile's systems. Simon noted, "Bad actors had no access to sensitive customer data, including calls, voicemails, or texts."

The announcement follows reports linking Chinese-backed cyberespionage group Salt Typhoon (aka Earth Estries, FamousSparrow, GhostEmperor, and UNC2286) to recent attacks on major telecom providers, including AT&T, Verizon, and Lumen. 

These hackers reportedly exfiltrated sensitive customer call records, intercepted private communications, and accessed information directed to law enforcement under court orders. 

However, while T-Mobile identified similarities in the attackers’ techniques, no definitive links have been established between this incident and Salt Typhoon.

Further complicating the situation, the FBI and CISA have been investigating what is described as a “broad and significant cyberespionage campaign” by Chinese-affiliated actors. This campaign reportedly disrupted communications for political figures and infiltrated devices linked to campaign personnel ahead of the 2020 U.S. presidential election.

Additionally, Simon represented T-Mobile at a recent White House meeting to discuss national-level cyber threats, further underscoring the company’s role in safeguarding critical infrastructure.

Other major players like AT&T and Verizon reportedly suffered breaches, emphasizing the growing need for collaboration among telecom firms to combat these large-scale attacks, which first surfaced when hackers accessed sensitive customer data stored on Snowflake accounts that lacked adequate protection. 

In other news, security investigators are trying to identify a notorious hacker known as “Kiberphant0m,” believed to be behind significant data theft and extortion schemes targeting cloud storage platform Snowflake customers, including AT&T and more. Recent evidence strongly suggests that Kiberphant0m might be a U.S. Army soldier who is or was recently stationed in South Korea.

Salt Typhoon, which has been active since at least 2019, is known for its focus on breaching government and telecommunication entities in Southeast Asia. The group is now linked to recent breaches in North America

In parallel, Chinese government-backed cyber espionage group Volt Typhoon has been identified in similar infiltration activities involving internet service providers in the United States and India. 

Lumen Technologies Inc.’s unit Black Lotus Labs' security researchers announced in October that they suspect Volt Typhoon to be behind the cybercriminal campaign that started on June 12.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: