T-Mobile confirms breach amid wave of Chinese state-sponsored telecom attacks

T-Mobile has confirmed that its systems were targeted in the recent cyberattacks on U.S. telecommunications companies, reportedly conducted by the Chinese state-sponsored hacking group Salt Typhoon. However, the company maintains that it has found no significant impact or evidence of customer data being accessed or exfiltrated.

“T-Mobile systems and data have not been impacted in any significant way, and we have no evidence of impacts to customer information,” the company stated to The Wall Street Journal. The telecom giant also emphasized its ongoing vigilance, monitoring the situation in collaboration with industry peers and authorities.

The breach is part of a broader campaign targeting major U.S. telecom providers, including AT&T, Verizon, and Lumen. According to a joint statement from the FBI and CISA, the attacks aimed to steal sensitive data, including call logs, text messages, and details related to law enforcement requests.

Salt Typhoon, also known by aliases such as Earth Estries and Ghost Emperor, is a Chinese state-backed hacking group that has been active since 2019. Their recent campaign reportedly exploited vulnerabilities in network infrastructure, specifically targeting Cisco routers, though Cisco has denied any direct breach of its equipment.

The attackers focused on compromising networks to access data from high-profile targets, including U.S. national security and policy officials. The FBI and CISA warned that the scope of these breaches is still under investigation, with further details expected to emerge.

This incident marks the ninth security breach T-Mobile has faced since 2019. Previous breaches include:

• 2019: Exposure of prepaid customer account information.
• 2020: Data breach affecting employees’ personal and financial details.
• 2021: Unauthorized access to internal applications and customer network information.
• 2022: Lapsus$ gang breach using stolen credentials.
• 2023: API vulnerability exploited, exposing data of 37 million customers.