T-Mobile Says Sensitive Customer Data Wasn’t Impacted In China-Linked Attack

‘Our defenses protected our sensitive customer information, prevented any disruption of our services, and stopped the attack from advancing,’ T-Mobile CISO Jeff Simon said a post Wednesday.

T-Mobile said Wednesday that sensitive data belonging to customers was not impacted in connection with a recent cyberattack campaign reportedly tied to a China-sponsored hacking operation.

“Our defenses protected our sensitive customer information, prevented any disruption of our services, and stopped the attack from advancing,” T-Mobile CISO Jeff Simon wrote in a post.

[Related: 10 Major Cyberattacks And Data Breaches In 2024 (So Far)]

Simon sought to decouple T-Mobile from the reportedly months-long compromise of other telecommunications vendors by a China-linked threat actor, which is tracked as Salt Typhoon — though he did not appear to dispute the main premise of a Wall Street Journal report from earlier this month. The report indicated that T-Mobile had joined the list of major telecom firms compromised in the Salt Typhoon attacks, while noting that it was not clear whether T-Mobile customer records had been accessed in the breach.

CRN has reached out to T-Mobile for further comment.

In the post Wednesday, Simon also said T-Mobile doesn’t believe it was targeted in the attacks until recently, in contrast to other telecom providers that reportedly were compromised at least as far back as this summer.

“Within the last few weeks, we detected attempts to infiltrate our systems by bad actors,” he wrote, adding that the company has seen “no instances of prior attempts like this.”

The attack “originated from a wireline provider’s network that was connected to ours,” Simon noted.

Prior reports by the WSJ had identified Verizon and AT&T among the impacted ISPs in the cyber-espionage campaign.

Some U.S. government officials saw their communications compromised in connection with the attacks, the FBI and CISA (Cybersecurity and Infrastructure Security Agency) said in a joint statement Nov. 13.

The FBI and CISA said they had “identified that PRC-affiliated actors have compromised networks at multiple telecommunications companies,” though the impacted telecoms were not identified.

The hack did compromise some customer call records and also involved copying “certain information that was subject to U.S. law enforcement requests pursuant to court orders,” the statement said.

In October, media outlets including the New York Times and WSJ reported that the Salt Typhoon attacks had targeted the campaigns of both of the then-candidates for president, Donald Trump and Kamala Harris, as well as then-vice presidential nominee JD Vance.