T-Mobile hacked in massive breach by China-linked hackers

Over the past month, numerous cyberattacks have targeted telecom providers in the U.S., attributed to the China-linked hacker group Salt Typhoon. Previous reports indicated that CenturyLink, AT&T, and Verizon were among the providers affected. It now appears that T-Mobile has also been breached, as first reported by The Wall Street Journal (WSJ).

The good news is that T-Mobile claims its customers should not be impacted by the breach. In a statement to WSJ, the carrier said:
“T-Mobile is closely monitoring this industry-wide attack, and at this time, T-Mobile systems and data have not been impacted in any significant way, and we have no evidence of impacts to customer information. We will continue to monitor this closely, working with industry peers and the relevant authorities.”

However, the wording in T-Mobile’s statement is notable. The company does not explicitly deny that information was obtained during the breach, it only states there is no evidence that customer information has been impacted.

So, what exactly were the hackers after? A joint statement from the FBI and CISA released earlier this week provides some clarity. The statement implicates the Chinese government in a broad cyber-espionage campaign targeting U.S. telecom providers. The goal appears to be the theft of call records and communications from a limited number of individuals, primarily those involved in political or government activities.

While it is reassuring that this particular breach does not seem to target the average customer, it contributes to a concerning trend of security incidents involving T-Mobile. In fact, the carrier has experienced a total of nine breaches since 2019.