• AT&T, T-Mobile and Verizon are working together to offer standardized satellite connectivity
• It would benefit customers not covered by cell towers, like in national parks
• Operators globally are looking to use satellite for more than emergencies, now

In a rare turn of events, three of the biggest mobile carriers in the US have announced they will be working together to tackle 'dead zones' across the country using satellites.

The joint venture, formed by AT&T, T-Mobile and Verizon, should help to improve connectivity in areas where traditional towers can fail, such as national parks and highways.

Satellites could also provide continuity in disaster-struck regions, where land-based infrastructure damages can cause widespread outages.

Satellite technology to eliminate dead zones

Because the joint venture's plan revolves around direct-to-device satellite tech, it would mean that regular smartphone could access signal in rural areas without consumers needing to buy specific satellite phones. While many phones now offer limited services via satellite, it's hoped that the scheme would make roaming between cellular and satellite networks more seamless.

"Having launched the first nationwide, satellite-powered direct-to-device network for text and data, we’ve seen firsthand how critical reliable connectivity can be when America needs it most," T-Mobile CEO Srini Gopalan commented.

T-Mobile already partners with SpaceX, which has been expanding its footprint across voice and data services on top of earlier emergency texting functionalities. AT&T and Verizon also have partnerships with AST SpaceMobile for their satellite services.

The announcement comes amid a broader global shift, whereby satellite networks are becoming more tightly integrated with regular 5G and 6G cell connections, instead of being a separate emergency-only tool.

As well as improving coverage and performance for customers, the joint venture also anticipates industry benefits, such as industry-wide device compatibility and an easier way for mobile network operators (MNOs) to integrate satellite connectivity for their customers.

The agreement in principle is yet to be confirmed, pending regulatory approval and confirmation of the finer details.

• T-Mobile’s T-Satellite service is now available for more apps
• It lets you use some major apps when connected to a satellite
• T-Mobile has also shuttered its exclusive Google One storage deals

T-Mobile has been offering Starlink connectivity to its customers for a few months now, and the T-Satellite service gives you a way to contact people and connect to the internet when mobile data isn’t available. It’s just been updated to add satellite connectivity to a suite of popular apps, making them more useable when you’re off the grid and away from cell towers.

Posting on its blog, T-Mobile announced that multiple apps will feel the benefits. That includes AllTrails, AccuWeather, CalTopo, Google Maps, onX, T-Life, WhatsApp and X. That expands the number of apps that can tap into satellite service, and those options join several device-native apps – like Apple Music, Google Messages, Pixel Weather and more – that were already compatible.

And improvements haven’t just come on the software side, as T-Mobile has added 17 more phones that will now work with T-Satellite. That includes Apple’s iPhone Air and third-generation iPhone SE, the Samsung Galaxy Z Fold 6 and the Galaxy S25 Ultra, and more. There’s a full list on T-Mobile’s support page, but you can scroll down to the end of this story for the full list of new models.

Note that when you’re hooked up to a satellite, you’re unlikely to get the full-fat experience that you’re used to with these apps. In most cases, your connection will likely be slower than when you’re on mobile data or Wi-Fi, and certain features might be unavailable.

T-Satellite is included in T-Mobile’s Experience Beyond and Go5G Next plans. If you’re on a different plan or are a customer of a rival cell provider, you can still sign up for $10 a month. You also need to have a smartphone that is capable of connecting to satellites, which includes the iPhone 13 or later, the Samsung Galaxy S21 or later, and the Google Pixel 9a or later (support for the Pixel 9 is “coming soon,” T-Mobile says).

Something gained, something lost

It’s not all good news for T-Mobile customers, though. At the same time as it was expanding its T-Satellite offering, T-Mobile and Google have quietly ditched an exclusive Google One membership tier that included unlimited full-resolution image storage in Google Photos.

This deal allowed T-Mobile customers to access a special Google Photos perk when subscribing to a Google One membership through their cell provider. Ordinarily, paying $9.99 a month would get you 2TB of total storage on Google’s servers.

If you signed up through T-Mobile, however, this would be supplemented with unlimited Google Photos storage – at full resolution, no less. There were also lower tiers that came with additional storage compared to the regular Google One offering.

Sadly, those deals are no longer available to new customers, as of September 30. If you’re a current user of this service, though, you can keep using it, providing you don’t cancel it.

If you’re looking for a new place to store your photos, you still have other options, from the best Google Photos alternatives to the best cloud storage for photos. Make a good choice and your images will be safe and sound, even without T-Mobile’s Google One storage tier.

And if you're interesting in trying that Starlink connectivity from T-Mobile, here's that full list of the new phones that are supported:

• iPhone Air 
• iPhone SE (third-generation)
• moto g 5G 2025
• moto g power 5G 2025
• Samsung Galaxy A36 SE
• Samsung Galaxy A36 5G
• Samsung Galaxy S24
• Samsung Galaxy S24+
• Samsung Galaxy S24 Ultra
• Samsung Galaxy S24 FE
• Samsung Galaxy S25
• Samsung Galaxy S25+
• Samsung Galaxy S25 Ultra
• Samsung Galaxy S25 Edge
• Samsung Galaxy S25 FE
• Samsung Galaxy Z Flip6
• Samsung Galaxy Z Fold6

You might also like

• T-Mobile’s Starlink satellite service officially launches – here’s which phones it supports and how it compares to Apple’s free rival
• Best Google Photos alternative of 2025
• Best way to backup photos of 2025

• Hacker posts new thread on a dark web forum, claiming to have stolen millions of records from T-Mobile
• The records included names, email addresses, phone numbers, and other PII
• However T-Mobile says the archive has nothing to do with the company or its customers

Hackers have recently shared a new database they claim contains sensitive customer information stolen from the American telecommunications giant, T-Mobile. However, the company denied any connection to the archive, saying it had nothing to do with it, or its clients.

A Cybernews report claims the unnamed cybercriminals leaked a database containing fresh intel (obtained as early as June 1, 2025).

The database contained 64 million lines, holding valuable customer information such as full names, dates of birth, tax IDs, postal addresses, phone numbers, email addresses, device IDs, cookie IDs, and IP addresses.

False claims

This kind of data is extremely valuable to cybercriminals, who can use it to create specially crafted, personalized phishing emails, tricking the victims into sharing login credentials, banking info, and other vital data. These attacks can result in identity theft, wire fraud, and ransomware attacks.

Responding to a Cybernews inquiry, T-Mobile said the data had nothing to do with it: “Any reports of a T-Mobile data breach are inaccurate. We have reviewed the sample data provided and can confirm the data does not relate to T-Mobile or our customers," the company's representative told the publication.

The Cybernews team analyzed the data, but could not confirm its authenticity. It said that some data, such as phone numbers, appeared in earlier T-Mobile links, but said it was impossible to verify the archive with 100% accuracy. We also don’t know if 64 million lines means 64 million people.

“If this data is legitimate, exposing 64M lines of highly sensitive information poses a serious threat of identity theft/fraud, surveillance, and further, better-targeted attacks on customers,” the team said.

This is not the first time T-Mobile denied having been breached. Roughly a year ago, an infamous threat actor known as IntelBroker claimed to have broken into T-Mobile and stolen Source code, SQL files, Images, Terraform data, t-mobile.com certifications, and Siloprograms. T-Mobile denied the claims.

You might also like

• T-Mobile denies it was hacked, despite hacker claiming to have leaked company data
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers

• While some TikToks are claiming iOS 18.3 installs Starlink on your iPhone, that is not the case
• In the US, Starlink connectivity is only available on T-Mobile and in beta
• iOS 18.3 doesn't install this connectivity, but does make a network change

iOS 18.3 is here – and contrary to rumors being spread on TikTok and elsewhere, it doesn’t install Elon Musk’s Starlink tech on your iPhone. So, there’s no reason not to get the latest iOS update on your iPhone and ensure that you’re up to date.

iOS 18.3 is a relatively minor update, which mostly impacts Apple Intelligence – enabling the AI features by default and rolling out some fixes for Notification Summaries – and fixing several bugs. It does, however, make a change for T-Mobile customers by allowing the iPhone 14, iPhone 15, and iPhone 16 lineups to potentially connect to the Starlink-powered terrestrial network of the carrier.

It is not, however, allowing that connection by default, and T-Mobile’s partnership with Starlink is still in beta for a select few customers who opt to join it and then get selected to participate. Apple doesn’t have a partnership with Starlink, but T-Mobile does, and you need to opt in a few ways. Let’s unpack this ahead.

The myth: iOS 18.3 installs Starlink on your iPhone

The concern in the now viral TikToks is that the latest version of iOS basically adds a direct connection to Starlink to your iPhone. The main point of concern is that ‘Starlink can now work with iPhone and access it’ without any formal announcement from Apple on if it’s a mandatory connection.

Apple initially launched its Emergency SOS via Satellite service alongside the iPhone 14 – with support for the iPhone 15 and 16 – so the smartphones could connect to a satellite. However, it’s not on by default and is only engaged when no LTE or Wi-Fi network is available.

Since then, some carriers have offered satellite networks alongside a typical phone network. T-Mobile is doing that, and it initially announced its partnership with Starlink in August 2022.

Apple also updated a support page detailing how to turn off carrier-powered satellite features. To do this, open Settings, navigate to Cellular, select your carrier, and turn off ‘Satellite.’

Simply, though, iOS 18.3 does not install Starlink on the iPhone. Essentially, it is packaged within iOS 18.3 as a carrier network settings update for T-Mobile that allows for the connection. It is not on by default, though, and you need to be selected to join the beta after requesting a spot.

The reality: T-Mobile has a partnership with Starlink that is currently in beta and iOS 18.3 is safe to install

So no, iOS 18.3 does not add a direct line to the Starlink network – forced or unforced – as some viral TikToks claim. It makes network settings changes that allow T-Mobile-connected iPhone 14, 15, or 16 to connect to T-Mobile 1900MHz spectrum, accessed through antenna ‘band 25’ on the iPhone to access the Starlink network.

Even for that network connection to happen, you need to have an eligible T-Mobile plan, register for the beta, and be selected to participate in it. Then, you need to be in an area where that network is supported and when a typical cellular network or Wi-Fi is unavailable. You’ll know that is the case when you see “SAT” replace the standard cellular bars and “4G,” “5G,” or “5G UW” in the top right corner of your iPhone.

T-Mobile opened its Starlink network beta program in December 2024, and interested customers have been able to register for it. It was first available to Android smartphones, and then the capability for the iPhone rolled out with iOS 18.3.

The partnership and the ability for T-Mobile devices to connect to Starlink’s direct-to-cell technology aims to reduce dead zones and allow users to stay connected. T-Mobile is also the only cellular network in the United States to have this partnership with Starlink.

Apple’s satellite connectivity for its iPhone under the ‘Emergency SOS’ feature is not Starlink and is done through a partnership with Globalstar.

Furthermore, it’s also best practice to keep your iPhone and other devices up to date, as using older software can make them more susceptible to security and privacy issues. iOS 18.3, like most iOS updates, brings some new features but also, at times, critical bug fixes and important security patches.

So, long story short, iOS 18.3 does not add a direct connection to Starlink to your iPhone. It simply allows a T-Mobile-connected iPhone to use that network when you're outside of traditional coverage if you’ve opted into the beta and have been selected. It’s also a partnership between T-Mobile and Starlink – Apple isn’t involved there and it doesn't have any impact or change to Apple's Emergency SOS via Satellite functionality. That service has been using Globalstar satellites since its inception.

If you’re on T-Mobile and want to opt out of using Starlink, open Settings on your iPhone, click Cellular, select your Carrier (in this case, T-Mobile), and turn off Satellite.

You might also like

• How to send satellite messages on iPhone
• The end of ‘dead zones’? Starlink’s direct-to-cell satellite service passes big milestone
• The original two-year period for free Emergency SOS Satellite features on the iPhone has expired – but Apple hasn't started charging yet

• Apple, T-Mobile and SpaceX are reportedly teaming up to bring Starlink to iPhone users
• This would add another satellite connectivity option for Apple fans
• It’s currently in beta testing for small numbers of T-Mobile customers

Apple has offered satellite connectivity to its iPhone users for a couple years now, and it can help you out when you don’t have access to cell service. But that soon might not be the only type of satellite connection on offer to iPhone users, according to a new report from Bloomberg.

The website claims that Apple is in talks with SpaceX and T-Mobile US to add support for Starlink’s satellite network. In fact, the latest iOS 18.3 update, which was released on January 27, apparently contains “under-the-radar” support for Starlink, Bloomberg says.

Bloomberg describes this as a possible alternative to Apple’s own satellite service, and says the companies have been covertly testing iPhones equipped with Starlink connectivity.

As the report points out, the move comes as something of a surprise. Apple already has a satellite provider in Globalstar, while T-Mobile has previously only offered Starlink to Samsung users. Yet T-Mobile has recently begun allowing iPhone users to access Starlink as part of a beta test, signaling that a broader change is on the way.

In a message sent to beta users, T-Mobile says: “You’re in the T-Mobile Starlink beta. You can now stay connected with texting via satellite from virtually anywhere,” while also specifying the iOS 18.3 requirement. If you’re part of the beta, you’ll see a new toggle in the Settings app to manage Starlink connectivity. T-Mobile told Bloomberg that “the vast majority of modern smartphones” will soon support the feature.

What this means

Support for Starlink could give iPhone users another option for satellite connectivity, and might provide an alternative if they can’t connect to Globalstar’s network. It also sounds like it might have more applicable uses than Globalstar’s option, which is mostly limited to emergency contacts and contacting first responders for now.

SpaceX owner Elon Musk seemed to confirm the Starlink-Apple link-up in a post on X. Commenting on a post made about the partnership, Musk said that “Medium resolution images, music & audio podcasts should work with the current generation Starlink direct-to-phone constellation.” He also added that “Next generation constellation will do medium resolution video.”

For now, Starlink only works with text messages on iPhones, but support for data and video calls is apparently in the works. It’s also limited to the US, in contrast to Apple’s Globalstar partnership, which works in several nations. Unlike Globalstar, however, you don’t need to point your phone to the sky to connect to Starlink, and it should even work when your phone is in your pocket.

Most of the best iPhones support Starlink connectivity, Bloomberg reports, with the feature also coming to the Apple Watch Ultra “later this year.” So, make sure to keep your eyes on the skies as further details emerge.

You might also like

• How to send satellite messages on iPhone
• Apple invests billions in Globalstar for satellite services and improved iPhone connectivity
• iOS 18.3 is here with a major change to how you enable Apple Intelligence

• More victims of Salt Typhoon attack unveiled by WSJ
• The extent of the damage caused by the attack is still unknown
• Some telecoms providers have removed the attackers from their systems

The recent Salt Typhoon cyberattacks may have breached more telecommunications providers than previously thought, with Charter Communications, Consolidated Communications, and Windstream all now believed to also have been affected.

The fresh list of victims comes from a new report by the Wall Street Journal, who cited people familiar with the matter.

The attack also exploited Fortinet network devices that did not have up-to-date security software installed, as well as vulnerable Cisco large network routers.

Attack may have started in 2023

The attack against US telecoms providers was first publicized in a joint statement by the Federal Bureau of Investigation (FBI) and the Cybersecurity & Infrastructure Security Agency (CISA) on October 25, 2024 - however, the WSJ report states the attack is believed to have started as far back as fall of 2023 - around the same time US National Security Advisor Jake Sullivan was briefing telecom and tech executives on the depth and breadth of Chinese penetration into US critical infrastructure.

Salt Typhoon is now known to have successfully breached the networks of AT&T and Verizon in the attack, but little is known about what data the China-affiliated group was able to access.

Both Lumen and T-Mobile were also targeted during the attack, but both companies have said that they successfully stopped attackers from accessing sensitive customer information. Verizon confirmed that the data of a limited number of high-profile individuals involved in politics was targeted in attacks.

Salt Typhoon also gained access to a ‘lawful interception’ channel used by law enforcement agencies to perform court-ordered wiretaps for national security purposes, with China repeatedly denying any involvement in the attacks and accusing the US of spreading misinformation. China even went so far as to label Volt Typhoon - a similar group believed to be associated with Beijing - as a CIA asset set up to discredit the US’ rivals across the Pacific.

Both Fortinet and Cisco did not comment on the WSJ report, but both organizations have been in the cross hairs of cyber attacks from a range of cyber criminal groups.

Network routers with outdated firmware have been a favorite target as an initial access point for attackers and botnets for several years. Fortinet has also experienced a spate of attacks on its Windows VPN service and Fortigate VPN systems.

You might also like

• These are the best endpoint protection services around
• Take a look at our guide to the best business VPN
• Could AI soon make dozens of billion-dollar nuclear stealth attack submarines more expensive and obsolete?

• T-Mobile's backup solution includes free data passes for emergencies
• Each plan offers 130GB/month, plus three free 130GB passes yearly
• No hidden fees with T-Mobile's Home and Business plans

T-Mobile has unveiled enhanced Internet Backup plans for both home and small businesses which aim to give users a reliable and affordable 5G network in the event of an outage of the primary network.

However, the irony of this launch is it came on the same day that the company suffered its largest outage of 2024, which disrupted services for users across various regions in the United States.

The outage left millions of users disconnected for almost five hours, and confirmed the need for a reliable backup solution.

Backup solution for downtime

According to T-Mobile, the Home and Small Business Internet Backup plans are offering users more robust tools to maintain connectivity during ISP outages. These plans are not meant to replace, but rather complement, traditional cable or fiber internet services.

Each plan includes 130GB of 5G data per month, which is sufficient to keep most households or small businesses online for up to seven days during disruptions. The latest update introduces an additional three free 130GB data passes per year, which can be activated during extended outages lasting either three days or until the data is consumed.

The T-Mobile 5G gateway can be set up in under 15 minutes, ensuring a quick transition to backup connectivity when primary services go offline. These plans do not include any hidden fees, which means that the 5G gateway is provided at no additional cost.

T-Mobile is also offering the Nimble Champ Pro 20k 65W portable power station at a discounted price of $49.99 for new customers to help keep devices and the 5G gateway online during blackouts.

T-Mobile’s massive November outage cast a spotlight on the vulnerabilities of even the largest telecom providers. While the company has long promoted its 5G network as a robust and reliable option, the scale of this service disruption reminded customers of the potential for unexpected failures. This incident also highlights how critical internet access is in an era where remote work, virtual learning, and online business operations are routine.

You may also like

• T-Mobile fined $60 million over unauthorized data access
• These are the best cell phone plans around today
• Millennials are indulging in impulse shopping more than ever

• Starlink and T-Mobile satellite partnership approved by FCC in the US
• First green-lit collaboration between satellite operator and cellular network
• Europe sees a similar test between Deutsche Telekom and Skylo

Starlink has taken a big step forward in the battle to combat so-called cellular ‘dead zones’ where a phone signal can’t be obtained, using satellites to provide the necessary coverage for areas where a mobile network can’t reach.

Over in the US, the Federal Communications Commission (FCC) has given the thumbs-up to Starlink to use its satellites in a partnership with T-Mobile, giving users on that network coverage for remote locations.

The Verge reports that this direct-to-cell satellite service is the first such collaboration between a satellite operator and cellular network to be green-lit by the FCC.

The FCC said: “The Commission recognized that satellite-to-device connectivity can support critical public interest benefits, including ubiquitous connectivity, access to 911 service from remote areas, technological advancement, and innovative spectrum use.”

Starlink and T-Mobile already got temporary clearance in October, The Verge points out, to provide service to those hit by Hurricane Helene. However, this is the FCC granting Starlink a full US commercial license for its direct-to-cell program.

Starlink first tested this satellite solution back in January 2024, just after the initial satellites were launched by SpaceX.

Ben Longmier, Senior Director of Satellite Engineering at SpaceX, further observed that: “Any telco that signs up with Starlink Direct to Cell can completely eliminate cellular dead zones for their entire country for text and data services.”

Initially, just basic text capabilities are going to be provided, and support for data or voice isn’t expected to debut until next year.

Analysis: First texts – then video chats?

Bringing cellular (and internet) coverage to remote areas where there’s no phone signal at all is a challenging problem, so it’s good to see what appears to be a viable solution moving forward to be commercially deployed.

While, as noted, this direct-to-cell satellite system can deliver text and internet services in areas not served by terrestrial cellular coverage, there’s some controversy as to where to draw the line in terms of extending this mission to facilitate real-time voice or even video calls.

Obviously, that’s ramping up the stakes bandwidth-wise, and The Verge notes that this would mean SpaceX going above current power flux-density limits – which mobile operators (AT&T and Verizon) in the US are concerned could interfere with their existing network coverage.

Meanwhile, in a similar vein on the other side of the Atlantic, there’s been a collaboration between Deutsche Telekom, Qualcomm, and Skylo, combining a mobile operator’s cellular network (Deutsche Telekom) with a satellite network (Skylo) and sending a text this way – for the first time ever in Europe (using a Qualcomm Snapdragon 5G modem).

Phone Arena noticed this development and informs us that it’s just a proof-of-concept at this point, but it’s a solid step forward towards commercializing the same kind of satellite service for remote areas in Europe. The report points out another challenge, aside from providing enough bandwidth for heavier duty services like voice or video – namely the weather and its interference with satellite coverage.

You might also like...

• I'm a phones expert, and these are the best Black Friday phone deals to buy from Samsung, Apple, and more
• Starlink review
• I tested Apple Emergency SOS via Satellite - and it could save a life

• T-Mobile details how Salt Typhoon accessed its routers
• It explained what the hacker's methods and how they were spotted
• T-Mobile's CSO stresses hackers didn't steal any data

T-Mobile has revealed the hackers who recently targeted its infrastructure were seen running commands on its routers, but stressed its defenses worked as intended and that no major damage was done.

The declaration follows recent news of an incident where Salt Typhoon, an infamous Chinese state-sponsored threat actor, breached T-Mobile's network in a cyber-espionage campaign on behalf of the country’s government.

The FBI also recently confirmed the group had successfully gained access to networks and private communications of members of the US government.

Working as intended

Now, T-Mobile’s Chief Security Officer, Jeff Simon, told Bloomberg the attackers were spotted while running commands, usually used in the reconnaissance stage of a cyberattack, on company routers. Some of the commands used matched indicators of compromise previously linked to Salt Typhoon, he added.

At the same time, Simon published a blog post in which he said the company’s defenses worked as intended, so Salt Typhoon was unable to cause any significant damage, or steal any sensitive customer or company information.

"Many reports claim these bad actors have gained access to some providers' customer information over an extended period of time – phone calls, text messages, and other sensitive information, particularly from government officials. This is not the case at T-Mobile," Simon said.

"Our defenses protected our sensitive customer information, prevented any disruption of our services, and stopped the attack from advancing. Bad actors had no access to sensitive customer data (including calls, voicemails, or texts).”

Simon also said that the attack originated from a wireline provider’s network that was connected to T-Mobile. "We quickly severed connectivity to the provider's network as we believe it was – and may still be – compromised."

After blocking the access, T-Mobile said it now sees no additional attacker activity, suggesting Salt Typhoon abandoned the initiative. In any case, the information was shared with government and industry partners.

You might also like

• IoT devices across the world targeted by major new botnet
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now

• T-Mobile has joined the list of Salt Typhoon victims
• Salt Typhoon has been heavily targeting the telecommunications sector
• No evidence has been found to suggest customer data access

T-Mobile has joined the growing list of US telecom operators who have been breached by Salt Typhoon.

The company confirmed in a statement to the Wall Street Journal that while a breach had occurred, there was no evidence to suggest the attackers had accessed or exfiltrated any customer data.

“T-Mobile is closely monitoring this industry-wide attack, and at this time, T-Mobile systems and data have not been impacted in any significant way, and we have no evidence of impacts to customer information. We will continue to monitor this closely, working with industry peers and the relevant authorities,” the company said in its statement.

Salt Typhoon continues attack

Salt Typhoon has been conducting a broad attack against US and Canadian telecommunications companies and internet service providers in what is thought to be a critical infrastructure mapping and espionage campaign.

The FBI recently confirmed the group had successfully gained access to networks and private communications of members of the US government.

The US government has also issued a warning through the Consumer Financial Protection Bureau (CFPB) for its workers to avoid using personal cell phones for work purposes, stating, “While there is no evidence that CFPB has been targeted by this unauthorized access, I ask for your compliance with these directives so we reduce the risk that we will be compromised.”

In a further statement to BleepingComputer, T-Mobile added, “Due to our security controls, network structure and diligent monitoring and response we have seen no significant impacts to T-Mobile systems or data. We have no evidence of access or exfiltration of any customer or other sensitive information as other companies may have experienced.”

The group is widely recognized as a Chinese state-sponsored threat actor and the campaign is thought to be a mapping and vulnerability hunting campaign for future attacks.

Other telecommunications companies affected by the same campaign include AT&T, Lumen Technologies, and Verizon, with the attackers potentially having access to customer data and networks for several months. A network used by US authorities to submit requests pursuant to court orders was also breached.

A roundup of T-Mobile breaches by BleepingComputer puts this as the ninth since 2019, with the company suffering a number of data leaks, attacks and extortion attempts.

You might also like

• Take a look at the best malware removal
• These are the best endpoint protection services
• Security pros tell us how they are infiltrating cybercriminal networks and striking back from within

T-Mobile has settled its case with the US Federal Communications Commission regarding multiple cybersecurity incidents and data breaches between 2021 and 2023.

Under the settlement, the company will pay a multi-million dollar penalty, and will have to significantly revamp its cybersecurity infrastructure.

The FCC said its investigation determined the cyberattacks T-Mobile experienced resulted in data breaches, “which affected millions of cell phone customers, were varied in their nature, exploitations, and apparent methods of attack.” As a result, the company will have to pay a $15.75 million civil penalty to the US Treasury.

Critical step

As part of the ruling, T-Mobile will have to make significant changes to its cybersecurity infrastructure, including moving to a zero-trust network architecture (ZTNA), which the FCC describes as, “one of the most important changes organizations can make to improve their security posture.”

The company's CISO will also have to regularly brief the board regarding T-Mobile’s cybersecurity posture and business risks, and it must also broadly adopt robust identity and access management, which includes multi-factor authentication (MFA) wherever possible.

For the FCC, this is a “critical step in securing critical infrastructure”.

To address these issues, and make the necessary changes, T-Mobile will invest roughly $15.75 million, the announcement adds.

“The wide-ranging terms set forth in today’s settlement are a significant step forward in protecting the networks that house the sensitive data of millions of customers nationwide,” said Loyaan A. Egal, Chief of the Enforcement Bureau and Chair of the Privacy and Data Protection Task Force.

“With companies like T-Mobile and other telecom service providers operating in a space where national security and consumer protection interests overlap, we are focused on ensuring critical technical changes are made to telecommunications networks to improve our national cybersecurity posture and help prevent future compromises of Americans’ sensitive data. We will continue to hold T-Mobile accountable for implementing these commitments.”

More from TechRadar Pro

• T-Mobile denies it was hacked, despite hacker claiming to have leaked company data
• Here's a list of the best firewalls around today
• These are the best endpoint security tools right now

An attempt by T-Mobile and SpaceX to launch Supplemental Coverage from Space (SCS) in the US has hit a snag after rivals AT&T and Verizon - who are also planning to offer SCS coverage - complained to the Federal Communications Commission (FCC) on the grounds that it could negatively impact traditional cell service.

Per Ars Technica, T-Mobile plans to use SpaceX satellites to extend its coverage in the US, while opposition also includes satellite parent companies Echostar (owners of cable company Dish and satellite internet service provider Hughes) and cellular/satelite ‘hybrid’ company Omnispace.

AT&T’s specific opposition leverages an FCC ruling on SCS (PDF) stating that it must not impact regular service, which is all well and good, but SpaceX and T-Mobile continue to maintain that suggestions that its SCS coverage will do so are based on ‘misleading claims.

He said, she said

In a joint filing with the FCC describing a meeting with executives, SpaceX and T-Mobile have asked for a waiver from the FCC’s out-of-band emissions PFD limit of -120 dBW/m2/MHz, which it describes as “inappropriately uniform” and “an order of magnitude more restrictive than necessary to protect terrestrial operations”.

To this end, the FCC filing also suggests that demonstrations of SpaceX and T-Mobile’s SCS service show that it will not adversely affect other operators, noting, “Indeed, each time that SpaceX has demonstrated that it would not cause harmful interference to other operators—often based on those parties' own claimed assumptions—those competitors have moved the goalposts or have claimed their analysis should not have been trusted in the first place.”

The two companies are also claiming that opposition from competitors is based on stifling competition in the first place.

“These operators' shapeshifting arguments and demands should be seen for what they are: last-minute attempts to block a more advanced supplemental coverage partnership and siphon sensitive information to aid their own competing efforts. The Commission must not allow competitive gamesmanship to stand in the way of lifesaving service for American consumers.”

Despite plans for AT&T to offer SCS coverage in collaboration with AST SpaceMobile, the National Advertising Review Board (NARB) did, earlier this month, order the company to stop running ads suggesting that this functionality was already in place, given that it wasn’t, and, at time of writing, still isn’t.

More from TechRadar Pro

• T-Mobile fined $60 million over unauthorized data access
• SpaceX launches first Starlink satellites for direct-to-cell coverage
• Take a look at the best business smartphones right now

The Committee on Foreign Investment in the United States (CFIUS), part of the US Department of the Treasury, has announced (via Reuters) its largest ever penalty against T-Mobile in response to the network provider’s failure to prevent and report unauthorized access to sensitive data.

The $60 million fine concerns T-Mobile's violation of a mitigation agreement relating to its $23 billion acquisition of Sprint in 2020.

The multibillion-dollar fine was issued to penalize the company for technical issues that occurred in 2020 and 2021.

T-Mobile fined for technical issues four years ago

The fine doesn’t just relate to the occurrence of the technical issues, but also T-Mobile’s delay in reporting them, which the CFIUS says hindered its ability to address potential national security risks.

T-Mobile blamed the problems on its integration with the Sprint network. The company, majority-owned by Germany’s Deutsche Telekom, emphasized that the technical problems only affected data shared from a small number of law enforcement information requests.

The network provider asserted that the issues were reported “in a timely manner” and resolved quickly.

However, the unprecedented size of the fine and the decision to share details publicly highlight the Committee’s emphasis on enforcement. The $60 million fine now serves as a stark warning to other companies about the importance of complying with regulations and obligations.

Moreover, the CFIUS has been increasing the pressure in recent years, issuing more penalties than previously.

T-Mobile told TechRadar Pro in an email:

"Several years ago, we experienced technical issues during our post-merger integration with Sprint that affected information shared from a small number of law enforcement information requests out of the hundreds of thousands that we process each year. This was not a breach, there was no intrusion and no bad actor was involved. The noted unauthorized access was that information was sent to the wrong law enforcement agency, but it never left the law enforcement ecosystem.

"We take matters like this seriously. We reported this in a timely manner, and the issue was quickly addressed. We are glad to have reached a resolution and look forward to continuing to work cooperatively with the law enforcement community to help keep the country and our customers safe."

More from TechRadar Pro

• We’ve rounded up a list of the best eSIMs for international travel
• In need of an upgrade? Check out all the best business smartphones
• BT hit with major fine after tech issues meant 999 calls were not connected

Popular data leaker IntelBroker is selling a database allegedly belonging to the telecommunications giant T-Mobile, but the company has denied this is the case.

In a new post published on a dark web forum, IntelBroker said they were selling “Source code, SQL files, Images, Terraform data, t-mobile.com certifications, Siloprograms.” 

They said the breach happened in June 2024, and shared screenshots showing access with admin privileges to a Confluence server, as well as screenshots depicting the company’s Slack channels for developers.

Old screenshots

We don’t know how big the database is, or how much money the threat actor is asking for. However, T-Mobile claims its infrastructure is intact, and is currently investigating the matter further.

"T-Mobile systems have not been compromised. We are actively investigating a claim of an issue at a third-party service provider," T-Mobile shared in a statement to BleepingComputer. "We have no indication that T-Mobile customer data or source code was included and can confirm that the bad actor's claim that T-Mobile's infrastructure was accessed is false."

A source told the publication that the screenshots are old, and were posted to a third-party vendor’s server. The name of the third party is known, but given the risk of other threat actors targeting it, will remain hidden for now.

IntelBroker has made quite a name for themselves, posting data belonging to many high-profile organizations on the dark web. Recently, the same threat actor offered AMD’s files for sale: "In June 2024, AMD, a large computing company suffered a data breach. Compromised data: Future AMD products, Spec sheets, employee databases, customer databases, property files, ROMs, source code, firmware and finances," the threat actor said in the post.

Other organizations hit by the same attacker include HPE, General Electric, Home Depot, Facebook Marketplace, and many others. 

More from TechRadar Pro

• AMD investigating possible data breach after internal company data put up for sale online
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now

Since Apple offered emergency satellite communications on the iPhone 14 in 2022, we've been waiting for Android phones to catch up – and it seems as though that might finally happen with the roll out of Android 15 later this year.

As reported by Android Authority, several T-Mobile customers in the US who've signed up to the Android 15 public beta on their Pixel phones are seeing new satellite messaging screens on their devices, even though the functionality hasn't gone live yet.

"You can send and receive text messages by satellite as part of an eligible T-Mobile account," reads one of the messages that have now appeared. "Your phone will auto-connect to a satellite" when a mobile network isn't available, reads another.

This neatly matches up with previous rumors that have been swirling for months at this point – in fact, satellite messaging was supposed to be making an appearance in Android 14 last year, but that never came to pass.

Hardware and software support

It's perhaps not surprising that it's taken a while for Android to catch up to iOS with satellite connectivity. Not only does it need to be integrated at the software level, it also needs to be compatible with the hardware, the carrier, and the satellite network.

These are all areas Apple has a high degree of control over, whereas Android phones involve more companies and more partnerships. Everything needs to be lined up correctly: which may or may not be the case when Android 15 launches in full later this year.

T-Mobile has been busy working with the SpaceX Starlink network to make direct-to-cell capabilities possible – satellites that can talk to standard cell phones, with no special components required. This would certainly make the tech more broadly available.

According to earlier leaks and these new screens, Android might go one better than the iPhone by letting you message any contact over satellite when you have no phone signal – not just the emergency services. Expect more news in the coming months.

You might also like

• Google Pixels could get a new satellite feature
• Everything we know about Android 15 so far
• Satellite SOS might be heading to Pixel phones

Write this down, because I’m going to tell you my secret to understanding the US mobile industry for the last 20 years. The answer to everything is 'The Carriers.' Every question, every conundrum. If you want to know why we DO have this, or DON’T have that? The answer is the US carriers: AT&T, Verizon, and T-Mobile. How has Apple managed to achieve monopoly power in the US and draw the ire of the Justice Department? The answer is the US carriers.

One of the strongest points that Apple makes in its rebuttal to the government’s lawsuit is that the government is considering only the US market, but Apple competes on a global scale. In the global market, Apple’s market share is much lower than in the US alone. It owns closer to 20% of the global market, as opposed to more than 60% of the US market.

Why is there such a huge difference? Is it because Samsung is incredibly popular everywhere else in the world? Are Google Pixel phones and Motorola Razr phones catching on like wildfire? Of course not. It’s because there are lots of phones in the rest of the world that you simply cannot buy here in the US.

Half of the Top 10 phone makers don't sell phones here

The top ten phone makers in the world include Apple, Samsung, OnePlus and Motorola. It also includes Xiaomi, Oppo, Vivo, Huawei, and Realme. While Oppo’s subsidiary brand OnePlus sells phones in the US, none of those latter brands are available here. Why not? Check your notes, you wrote down the answer.

It’s because of the US carriers. Okay, we can’t blame the US carriers for the US government’s ban on Huawei products (though the government hasn’t offered specific evidence to support that ban). The rest of the phones, though, are not available in the US because the carriers don’t sell them. You can find them through grey market import channels, but they won’t have a local warranty, and they may not support local networks properly.

It’s unclear why the US carriers don’t sell half of the top phone brands here in the US, and we can only add blind speculation. Is there a political motive, as all of these brands are Chinese? I’ve personally heard from a mobile industry analyst that the US government has in some way influenced the carrier decision to forego selling most new Chinese phones. That analyst wouldn’t go on the record, so I take that possibility with a huge grain of salt.

The other possibility is that it is simply cost-prohibitive for a foreign manufacturer to sell phones here. If you want to sell phones in a US carrier store, you need to work with the carriers. That means sending hundreds of devices to labs for testing, and adjusting everything on the device that fails those stringent tests.

It means a lot more localization work for each phone. The US carriers will also want a marketing commitment, or else the phones will end up on the shelves in the back, behind all the iPhones and Galaxy phones and no-name budget phones with Verizon or AT&T branding.

It is easier for US carriers to sell you an iPhone

The same motivation that keeps the US carriers from selling these competing phone brands is also what keeps the iPhone at the top of the pile. It is very easy for US carriers to sell the iPhone. Apple spends a lot of its own money on marketing, alongside whatever the carriers are spending. There are rewards and incentives for selling more iPhones, especially with AppleCare attached.

Best of all, when you have a problem with your iPhone, you don’t need to call Verizon. You can call Apple. In fact, Apple would probably prefer you call them directly.

Most companies hate customer service calls because they cost a lot of money and don’t result in more sales. Carriers will refuse to stock phones if those phones are going to cause a lot of customer service calls. That’s another reason we don’t see Chinese phones, which tend to have poor localization and language issues, in US carrier stores.

The US carriers buy more iPhones than anybody else

Apple isn’t to blame for its overwhelming market share. Instead, blame its largest customers, the ones that buy so many iPhones that Apple’s dominance is inevitable. Apple’s top customer isn’t you or me. It’s the US carriers. Apple sells millions of phones directly to US carriers, and they sell them to us.

Most people in the US still buy their phone directly from their mobile carrier. While Apple and Samsung both sell directly, and Apple even has a store in your local mall, most iPhone owners in the US bought their phone from AT&T or Verizon or T-Mobile, or one of the smaller (often wholly-owned) networks that buy bandwidth from those three. After all, the carriers give you the best deal on a new phone if you sign up for a long-term contract, and who can afford to pay hundreds upfront these days?

If there is a reason that the Apple iPhone is the dominant phone on the market, the reason is the US carriers. They sell more iPhones than Apple directly, along with the Apple Watches that keep you locked into Apple’s platform. Verizon often gives away a free watch and a free tablet if you connect all of your devices to their network; we see this deal every time a new model is launched.

Not only is Apple not solely responsible for its US market dominance, but it’s also fair to say that the US cellular market could use some scrutiny. After T-Mobile swallowed up Sprint, US customers were left with a much less competitive market.

Instead of going after Apple for dominating the market, the Justice Department should encourage the US mobile networks to offer more options in stores. The rest of the world has far more options, and the global market is more competitive. If the US carriers are the reason we don’t have the same choice as the rest of the world, maybe it’s the US carriers that are the problem, and not Apple.

• The US government is right about Apple's incredible market power, here's what you need to know
• The big Apple lawsuit explained: why Apple's getting sued and what it means for the iPhone
• The US sues Apple for monopoly antitrust violations, says the company has smothered an entire industry

Android’s eSIM transfer tool could slowly become adopted by other carriers, allowing users an easier process when transferring contracts to new devices.

The eSIM transfer feature was introduced by Google last year at MWC (Mobile World Congress) and was initially only available on Google Pixel devices but that may have changed with the Samsung Galaxy S24.

According to Android Police, the feature was first noticed by Google Pixel 8 users, and it has now been spotted on the Samsung Galaxy S24 which could indicate the feature is no longer locked to Google Pixel devices. However, for now, the eSIM transfer tool only appears to work for eSIMs linked to T-Mobile, with no clear indication if and when other networks could adopt its use. 

As Samsung is one of the most popular Android phone manufacturers this could be a positive sign that other manufacturers and networks will jump on board to accelerate its adoption to the rest of the Android market.

The Android eSIM transfer tool should make it much easier to move your contract to a new device. Previously, you might be required to visit a store or use an app unique to your network provider, which could involve users going through the whole setup process again.

However, the standardization of the Android eSIM transfer tool could do away with individual devices' or networks’ own SIM transfer tools and existing compatibility issues by having all Android devices use Google’s eSIM transfer tool, thus ensuring smooth communication between all Android devices like eSIM transfers on Apple devices. 

What are the advantages to eSIMs?

An eSIM functions just like a physical SIM card, containing the data needed to access the carrier network but it is stored in your device instead of a removable card.

There are some advantages to using them too. For example, an eSIM can allow you to have multiple profiles on one device, e.g., for a work account and a personal account. They're useful if you're changing to a new device as you no longer have to swap cards when changing carriers. 

When you purchase a new contract you won’t have to go to a shop for a physical card or wait for its delivery, eSIMs offer the ability to buy and download your preferred package from your carrier and set it up quickly and securely by yourself. 

Other advantages of switching to eSIM could include seamlessly switching networks with just a few taps on your device. 

The shift could even change our phones, if eSIMs become the norm, then the physical space SIM cards used to inhabit on phones could be used to put in a larger battery, camera, or more effective cooling system. Also as they aren't physically SIMs, they can’t be removed if your phone is lost or stolen giving you a better chance of retrieving it.

While physical SIM cards are not extinct yet this could be a nail in the coffin for them and even be a sign that the shift to digital-only SIMs is closer than we think, but it also could be a step towards a more unified Android OS.

You may also like

• We've got another hint that the Nothing Phone 2a might launch very soon
• Google update adds a handy health feature to the Pixel 8 Pro
• How to play YouTube in the background on Android

In an effort to capture more SMB customers, T-Mobile has unveiled Connected Workplace, a new offering combining its nationwide 5G network, Cisco Meraki devices, and a cloud-managed networking platform.

Connected Workplace is designed to simplify the complexities of business network infrastructure, but also promises to be a more cost-effective solution than many other providers.

Besides connection to the internet, T-Mobile’s Connected Workplace will also provide installation, software licensing, a 5G gateway and Wi-Fi access points that are upgraded free of charge every three years, as part of its all-encompassing package.

T-Mobile Connected Workplace

Besides the above, T-Mobile says that Connected Workplace will include 24/7 proactive performance monitoring of both the network and connected devices, unlimited same-day configuration changes, and 24/7 support with onsite equipment repair or replacement.

Teaming up with Cisco, T-Mobile’s customers will also get Cisco Meraki cloud-managed networking solutions, access to a Cisco Meraki firewall, and an online dashboard to manage the network.

The solution is designed to prevent small and medium businesses from having to manage different suppliers’ components and multiple contracts, plans, and models. Besides simplicity, the package also delivers security under the same roof.

Mishka Dehghan, SVP, Strategy, Product, and Solutions Engineering, T-Mobile Business Group, said: “With Connected Workplace, we’ve brought together Cisco best-in-class Meraki network technologies with our award-winning 5G network to make it easier for businesses to streamline their network infrastructure, ease the burden on IT and improve operations.”

T-Mobile has not shared any information on pricing, instead stating: “Our “as-a-service” model means equipment, software licensing, professional installation, and managed services are all included in a simple, straightforward recurring monthly charge per device.”

Prospective customers can contact T-Mobile for a personalized quote now.

More from TechRadar Pro

• We’ve rounded up a list of the best business broadband deals
• Amazon just launched an eero home Wi-Fi network just for small businesses
• These are the best Wi-Fi routers so that you can get the most out of your connection

SpaceX recently launched into Earth’s orbit six “Starlink satellites with Direct to Cell capabilities”. When they come online, these satellites will be able to provide cellular connectivity to every corner of the United States – even to remote locations.

This comes as part of Coverage Above and Beyond, a collaborative initiative that the company entered with T-Mobile back in 2022. It took a little while, but the program is finally bearing fruit. SpaceX explains on its website these satellites essentially function like cell phone towers thanks to an onboard “eNodeB modem”. The ultimate goal here is to effectively eliminate the existence of dead zones allowing for “mobile phone connectivity anywhere on Earth.” Something to keep in mind is the service is primarily meant for far-off locales. 

As SpaceX CEO Elon Musk states on X (the platform formerly known as Twitter), the Starlink space towers can’t compete “with existing terrestrial cellular networks” on the same level.  It'll be good, but not that good.

Testing phase

Things will start off small. The ability to send text messages will roll out later this year. Then in 2025, users will be able to make phone calls, send data, and connect IoT (internet of things) devices, such as smartwatches, to the service. That’s assuming everything goes according to plan. Both companies have had to deal with multiple obstacles along the way. Not only were these satellites incredibly difficult to design and build, but government regulators also slowed down the process.

Originally, they had planned a beta test of Starlink’s remote connectivity in 2023. Obviously, that never happened probably due to pending approval from the FCC (Federal Communications Commission). Fortunately, the FCC did give SpaceX the green light to test their direct-to-cell satellites this past December. They have 180 days to complete their trials so we should see testing start soon although it’s unknown exactly when nor do we know if it’ll be open to the public.

Plans for expansion

The future is looking bright for the initiative. Dr. Sara Spangelo, Senior Director of Satellite Engineering at T-Mobile, states the company has plans to “rapidly [scale] up” the program to partners around the world. SpaceX is currently working with telecommunication companies in Canada, Japan, Australia, and more to get the service up and running elsewhere. Direct-to-cell connectivity won’t be exclusive to the U.S., but it does appear users there will receive it first.

SpaceX won’t be alone in this field. Amazon is developing a satellite broadband network called Project Kuiper to take on Starlink. Rockets carrying prototype Kuiper satellites are scheduled to take off within the “first half of 2024.” The European government is also looking to establish a program. Right now, it’s shopping around for the right telecom corporation to take the lead.

If you're looking to improve your internet connection at home, check out TechRadar's roundup of the best broadband deals for January 2024.

You might also like

• Starlink review
• The Samsung Galaxy S24 seems almost certain to get satellite comms
• TechRadar's Year in Review: AI revolution, smartphone evolution, and visions of the future

T-Mobile may say it is getting better at preventing data breaches, but it’s not yet perfected the craft. The mobile network operator has announced it discovered yet another unauthorized intrusion, but unlike the previous incidents in which millions of people were affected, this time it seems hackers only stole data from around a thousand users.

In a notification letter sent to affected customers, the company said it spotted a system intrusion in March 2023:

"The measures we have in place to alert us to unauthorized activity worked as designed and we were able to determine that a bad actor gained access to limited information from a small number of T-Mobile accounts between late February and March 2023," the letter reads.

Hundreds of victims

In total, 836 customers have had their sensitive data taken. The telecommunications giant said that different data types were stolen for different customers, but in general, here’s what was taken: Full customer names, contact information, account numbers and associated phone numbers, T-Mobile account PINs, Social Security Numbers, government IDs, dates of birth, balance due, and internal codes used by T-Mobile for customer account service.

This is still plenty of information that can be sold for profit on the black market, so affected users may want to consider using the best identity theft protection to safeguard against the worst case scenario.

To counter the threat, T-Mobile had reset account PINs for impacted customers, and offered free credit monitoring and identity theft detection services through Transunion myTrueIdentity.

BleepingComputer reached out to the company’s spokesperson for more details but they weren’t available for comment.

This is T-Mobile’s second data breach incident this year, following the January attack. At the time, the threat actors managed to abuse a vulnerable API to get away with sensitive data on 37 million customers. The breach occurred in November 2022, was spotted on January 5 and remedied within 24 hours.

• Keep your business safe with the best endpoint protection for small business

Via: BleepingComputer

To increase its customer base and marketing activities, T-Mobile US signed a legally binding agreement to buy Ka'ena and its affiliates, including prepaid brand Mint Mobile, international phone provider Ultra Mobile, and MVNA Plum, for up to $1.4 billion.

Furthermore, 39% of the acquisition price will be paid in cash, and 61% will be made in shares by the operator. According to the statement, the ultimate price will depend on Ka'ena's performance in specific time frames before and after the acquisition closes, which T-Mobile anticipates will happen later this year, barring unforeseen circumstances.

According to Bloomberg, the MVNO has been up for sale for some time, with information that a deal for Mint Mobile earlier this year was stopped.

"Extremely successful"

David Glickman and Rizwan Kassim, the founders of Mint Mobile, will join T-Mobile to oversee the brands, which should operate as a “separate business unit.”

Ryan Reynolds, an owner in part, will keep promoting Mint Mobile.

Via an MVNO deal, Mint Mobile makes use of the T-Mobile network, and in 2022, MVNA Plum will increase its wholesale relationship with the carrier. Also connected to the carrier's 5G network is Ultra Mobile.

Among other things, the agreement includes the sales, marketing, digital, and service assets of the MVNO, in addition to bringing Mint Mobile members under its roof.

The "extremely successful" digital direct-to-consumer business operated by Mint Mobile, according to T-Mobile CEO Michael Sievert, is a major appeal, and the MVNO and Ultra Mobile will profit from its "size and owner's economics" as a result.

The operator hopes to gain from Mint Mobile's direct-to-consumer marketing capabilities, and the purchase will allow all Ka'ena enterprises to provide consumers looking for low-cost tariffs with competitive pricing and a larger device selection.

T-Mobile sees prepaid services as a way to increase its total user numbers and perhaps convert more to contracts, despite the fact that it led the charts for post-paid net customer gains in Q4 2022.

Mint Mobile and Ultra Mobile, according to the operator, are complementary to its other prepaid brands.

• Here's our list of the best T-Mobile phones right now

Via: Mobile World Live

Customers of Google Fi have been notified via email of “suspicious activity” that may have seen some lower-risk data exposed.

Somewhat ironically, Google Fi promises to be a “private and secure” phone plan that gives its subscribers access to unlimited data, end-to-end call encryption, VPN access, and more, for $50 per month (for one user). 

Maybe less secure, though, is its “primary network provider” which informed Google that a “third party system that contains a limited amount of Google Fi customer data” was at risk. The unidentified network provider is likely to be T-Mobile, given that it supports a large portion of the Google Fi network and also experienced a data breach around the same time.

Google Fi data breach

Google told its customers that data including account activation, mobile service plan details, SIM card serial numbers, and account status, are among the key areas said to be at risk.

It stresses that personally identifiable information is excluded from the breach, so anything from a customer’s name, contact details, and date of birth, to financial information and login credentials, should all be safe.

Google’s incident response team says that Google’s systems were not compromised, but that it has worked with the “primary network provider” to implement security measures.

Customers do not need to do anything, and their services continue to work as usual.

Despite this, one Reddit user claims to have received an email from Google Fi notifying them that their mobile phone service had been transferred from their SIM card to another for almost two hours.

The author discusses how their primary email account, a financial account, and an authenticator app had all been accessed by a hacker, who may have been able to bypass any SMS-based authentication and gain access to personal accounts.

Google did not immediately respond to TechRadar Pro’s request for comment on the matter.

• Protect yourself with the best endpoint protection software and best firewalls

Via 9To5Google

T-Mobile has warned millions of its customers that a threat actor used an Application Programming Interface (API) to gain access to some of their sensitive data. 

In a warning published on the company’s website, T-Mobile tried to play down the importance of the incident, saying some “basic customer information (nearly all of which is the type widely available in marketing databases or directories)” was obtained.

The data, however, includes people’s names, billing addresses, email addresses, phone numbers, dates of birth, and account numbers, all valuable information for identity theft attacks, phishing, and similar social engineering attacks. 

Millions of victims

Passwords, payment card information, Social Security numbers, government ID numbers, as well as financial account information, remained safe, the company confirmed. It also said its investigation concluded that there was no evidence of a breach in its networks or systems. 

While the warning does not say how many people were affected by the breach, and which account types were compromised, a total of 37 million customers had their data accessed, including both prepaid and postpaid customers. 

The attack was taking place between November 25, 2022, and January 5, 2023. It was on January 6 that T-Mobile finally cut the threat actors’ access.

The company reported the attack to both law enforcement and federal agencies in the United States, whose investigation is now ongoing, it was said. T-Mobile also added that it started notifying customers who might have had their data compromised. 

The German telecommunications giant’s track record for data breaches is far from ideal. The company’s had multiple incidents over the years, including one in 2018, one in 2019, and at least three in 2020. In 2021, it was found that the company paid hundreds of thousands of dollars to not have its sensitive data leaked to the web, which happened anyway, and a year later, in 2022, confirmed being targeted by the Lapsus$ extortion gang. 

• Keep your business safe with the best endpoint protection for small business

Via: BleepingComputer

Yup, I'd sign up for T-Mobile and Starlink's new satellite-powered cell services today, if I could. It's that kind of a game-changer. But to understand why I think that we first have to look at the limitations of current satellite phones and what could make this system fundamentally different and more attractive to the average consumer.

I've watched enough war movies to start recognizing when the general or under-attack squad leader pulls out a satellite phone. It's like the communication device of last resort. In the jungle, wilderness, on a lonely desert island, or any number of cellular dead zones around the world, it's the only way to communicate with home base.

And it's completely impractical for most people not in the thick of battle or climbing Mount Everest.

Most satellite phones, like the Iridium line popularized in innumerable action movies, are expensive (often costing well over $1,000). And they can be ungainly because they need a huge external antenna, one that will make your late 1990s-era feature phone antenna look quaint. 

Generally, satellite phones do not work indoors and they may need a cable and external antenna adapter to make sure they can connect with the network of orbiting satellites.

All of this is why we didn't build our smartphone networks on a satellite system (just our GPS system) and instead opted for ground-based cell towers to cover as much area as possible. This, of course, also meant that the cell tower growth would be primarily in major metropolitan areas, leaving huge swaths of the world with dead zones, especially in some rural areas, underdeveloped nations, remote regions, and the ocean.

Knowing all this, there was always a little bit of me that wanted to at least try a satellite phone and test it by doing my own version of Tom Hanks' Cast Away. I'm not saying I'm ready to be stranded on a desert island, but maybe a jaunt into the mountains or, better yet, a cruise where connectivity is always at a premium.

Naturally, I was intrigued by the headlines about what Elon Musk's Starlink and T-Mobile might offer, especially because I knew that many people have successfully used Musk's Starlink orbiting satellite system to connect to the Internet. And I have to admit, that, after listening to the slightly over-the-top presentation, the reality sounds even better.

Beam me up

To start with, the plan, as outlined by T-Mobile CEO Mike Sievert and Musk on Thursday, does away with most of the limitations of traditional satellite phones.

First of all, it's using a slice of T-Mobile's mid-band PSC spectrum (part of the 5G spectrum), which means that you don't need a satellite phone to connect, just your regular smartphone, albiet one on the T-Mobile network.

Secondly, the images of some mud-covered army grunt rolling out from cover to make sure his battle-scarred sat-phone has a clear view of the sky need not be applied to the T-Mobile Starlink plan.

Musk claimed that the connection will work "in your pocket, in your car."

Third, you probably won't even need to sign up for a special service. Sievert gleefully told the crowd (which seemed to cheer on cue), "I would expect the pricing for this service to be the Uncarrier's favorite price. The price that we've made famous, which is that we expect, on our most popular plans, for this service to be included for free."

Sievert later clarified that more affordable plans will probably pay an additional monthly fee for the ability to use the satellite service. But this being a tech alliance announcement and not a product rollout, no pricing information was forthcoming.

Still, I'm excited about the possibility of, say, an upcoming iPhone 14 Pro or even the Samsung Galaxy Z Fold 4 I currently have running on T-Mobile being able to connect from virtually anywhere in the world - well, not exactly anywhere.

While this plan will offer you a connection for calls and texts (and maybe a photo and even the tiniest video) in places where you'd normally have no connectivity, it won't cover more than, as Sievert explained, "the lower 48 [of the United States], ...vast parts of Alaska, Hawaii, Puerto Rico, and territorial waters and even vast parts of the world's oceans." T-Mobile is not a global company and while Starlink's satellites orbit the globe, T-Mobile's plan won't extend to Europe, Asia, Africa, Australia, etc. without international carrier partnerships, which may or may not be in the offing.

I'm also aware that this is still just a promise.

Starlink has roughly 3,000 satellites in low-earth orbit right now but none of them are equipped to support this plan. Musk explained how they must equip Starlink second-generation satellites with giant, advanced phase-array antennas. Musk highlighted the challenges of sending a signal from your phone to a satellite 500 miles overhead and that's also traveling at 17,000 miles per hour (though he added that they had it working in the lab).

In other words, it's gonna take some time to literally get the plan off the ground and into the sky and the beta rollout won't happen until 2023.

I can't lie and say that the promise of "the end of dead zones," as Musk put it, doesn't excite me. Even in the suburbs I live with them and wonder if an orbiting satellite network as a backup might not ease some of my frustration. However, I also take Sievert and Musk's point that this is not just about consumer convenience. Hikers and people lost at sea or caught in blizzards have died because they couldn't communicate. This might help, providing their phones still have power and, I think, the sky is clear.

Looking beyond the somewhat silly pomp and circumstance of the launch event, I could not help thinking that this was important and that, yes, I wanted my cellphone to also be a satellite phone because why should any of us ever be disconnected?

If you think you might want to upgrade your smartphone before the advent of a phone satellite network, check out our list of the best smartphones of 2022.

However, the company says there are half a million square miles of the US and vast stretches of ocean that lack cellular coverage from any provider

US mobile operator T-Mobile is partnering with Elon Musk’s SpaceX satellite venture to bring its mobile network to the most remote parts of the country.

T-Mobile claims its 5G network now covers 315 million people in the US, with 225 million of those able to access it fastest ‘Ultra Capacity 5G’ service. The latter figure is expected to reach 260 million later this year and 300 million in 2023.

T-Mobile SpaceX

In some areas, such as deserts and mountain ranges, there are logistical and economic challenges, while in national parks there are land-use restrictions that prevent the installation of masts.

Satellite phones have been one way to stay connected in such locations, but these are expensive and use legacy technology. A new generation of Low Earth Orbit (LEO) satellites that deliver significant advances in speed, capacity, and low latency are now a viable alternative to fixed connectivity.

Starting next year, T-Mobile customers will automatically connect to SpaceX’s ‘Starlink’ constellation of LEO satellites when they are out of reach of a terrestrial signal. Initially, customers will only be able to send texts and access messaging apps, but voice and data coverage will be added in the future.

Crucially, the network will be compatible using existing radio technology, specifically T-Mobile’s mid-band spectrum, meaning it will work with existing devices.

“We’ve always thought differently about what it means to keep customers connected, and that’s why we’re working with the best to deliver coverage above and beyond anything [that] customers have ever seen before,” said Mike Sievert, CEO of T-Mobile. “More than just a groundbreaking alliance, this represents two industry-shaking innovators challenging the old ways of doing things to create something entirely new.”

“The important thing about this is that it means there are no dead zones anywhere in the world for your [mobile] phone,” said SpaceX Chief Engineer Elon Musk. “We’re incredibly excited to do this with T-Mobile.”

Other operators are also looking at satellite as a way of enhancing their converged networking strategies. Telefonica, for example has partnered with OneWeb, the satellite broadband firm part owned by the British government.

• We've picked out some of the best mobile phone deals 

US operator T-Mobile has promised to pay out $350 million to fund claims, legal fees, and administration costs following 2021's gargantuan data breach.

The company also said in an SEC filing that it would fork out $150 million on “data security and related technology” over the next two years.

However, T-Mobile maintained that the settlement "contains no admission of liability, wrongdoing, or responsibility by any of the defendants".

What actually happened?

T-Mobile claims that the breach impacted 76.6 million people and involved the data loss of customers’ first and last names, Social Security numbers, and driver’s license information.

The incident was blamed on a "sophisticated cyberattack" and T-Mobile customer data later appeared for sale on the dark web, according to reporting by Motherboard, which said a hacker obtained the information by breaching the telecom company's servers.

The settlement still needs court approval, which is expected as early as December 2022.

Though the settlement amount for T-Mobile, which reported $58.4 billion in full-year 2021 earnings, is fairly eye-popping, it's still somewhat mid-table in the list of the largest data breach payouts; Equifax paid out $575 million following its widely publicized 2017 incident, while Home Depot paid out $200 million following its 2014 breach.

Recent research from Splunk found that nearly half (49%) of companies suffered a data breach in the last two years.

• Want to avoid your company making a massive payout? Check out our guide to the best ID theft protection.

Via The Verge

A nasty bug has been going around affecting iPhone users that can cause the iMessage and FaceTime apps to randomly deactivate with no way to turn them back on.

The news comes from various Twitter users including prominent Apple leaker and Bloomberg reporter Mark Gurman, all of whom detailed their experience with this bug. So far, this problem is limited to users on the T-Mobile and Verizon networks. That may seem like good news at first if the problem is limited to just two networks.

However, Verizon and T-Mobile have the widest service networks in the United States, and with over 113 million iPhone users in the U.S., this could be a major problem.

Problem with eSIM

The problem is specifically affecting the eSIM chip, according to 9 To 5 Mac. The eSIM chip allows people to set up and activate their phones on a network via software without having to use a physical SIM card or visit a carrier store. And if you don’t recall, a SIM card is what allows your smartphone to make calls, send texts, and connect to the internet over a cellular network.

The purpose of the eSIM chip is to make setting iPhone easier to do. Unfortunately, no one knows exactly what is occurring inside the eSIM chip that’s causing the problem. According to Gurman, this bug has existed for a while. It affects phones running iOS 15.4, 15.5, and 15.6 beta 1.

Both Verizon and T-Mobile appear to be aware of the bug as several people in that Twitter thread, including Gurman, contacted their carriers for help. So far, Apple has yet to acknowledge the bug, let alone roll out a patch fix.

Solutions

Gurman states that the only solution is to insert a brand physical SIM card into an iPhone to get around the bug. 

It’s also possible to remove your eSIM account and get a new one reissued to your iPhone. But Gurman advises against this because the process is too “complex for most people and shouldn’t need to ever to be done."

One person describes his experience with reissuing an eSIM via T-Mobile. According to the user, T-Mobile had to reissue the eSIM three separate times and it took 30 minutes for the last one to activate. But then that caused further problems with the line and required calling the carrier again.

It’s unknown if or when Apple will fix this problem. TechRadar has contacted Apple and Verizon and will update this story with their replies.

Telecoms giant T-Mobile has confirmed its digital premises were breached by the notorious Lapsus$ hackers, but played down the severity of the incident.

As reported by BleepingComputer, the group of hackers was apparently unable to obtain any valuable data from the incursion.

"Several weeks ago, our monitoring tools detected a bad actor using stolen credentials to access internal systems that house operational tools software," a T-Mobile spokesperson told the publication.

Stealing source code

T-Mobile went in to further details as to precisely what the attackers were able to access, and how the company responded.

"The systems accessed contained no customer or government information or other similarly sensitive information, and we have no evidence that the intruder was able to obtain anything of value," said the firm.

"Our systems and processes worked as designed, the intrusion was rapidly shut down and closed off, and the compromised credentials used were rendered obsolete."

However, other sources offer conflicting reports as to the nature of the stolen data.

According to a report from security expert Brian Krebs, based on leaked chat logs allegedly showing a conversation between Lapsus$ members, the group managed to steal proprietary T-Mobile source code. A total of 30,000 source code repositories were taken from T-Mobile's endpoints, the report claims.

The group is also said to have obtained access to Atlas, a powerful internal T-Mobile tool for managing customer accounts, as well as access to company Slack and Bitbucket accounts.

The motive behind the desire to steal source code is unclear, the report further states, but Krebs suspects that it could be about extortion, or turning a profit on the black market. 

In the past four years, T-Mobile has disclosed a total of seven breaches, including one in which threat actors accessed data belonging to 3% of all of its customers. 

Recently, the company’s customers notified the FBI of “unblockable” SMS phishing attacks, which are linked to one of the earlier breaches.

• Protect your internal networks with the best firewalls around

Via BleepingComputer

Mobile network operator T-Mobile has warned its users of an unblockable smishing campaign that aims to steal their personal information and passwords, or install malware.

According to a BleepingComputer report, T-Mobile warned its users after the company was itself alerted by the New Jersey Cybersecurity / Communications Integration Cell (NJCCIC), an arm of the Office of Homeland Security and Preparedness working on cybersecurity threat analysis and incident reporting. 

The NJCCIC was approached by “multiple” customers, who had received group SMS messages pretending to be from T-Mobile. The message thanked the recipient for paying their bills on time and offered a free “gift”, to be claimed via the web link provided.

Group messages cannot be blocked

When clicked, the link redirects the user to a malicious website that aims to “steal account credentials or personal information, or install malware".

The group message was sent to numerous numbers, at random, the NJCCIC says, with the victims being targeted “dozens of times” over the span of three days. Given that these are group texts, the victims were unable to block the attacker.

The NJCCIC speculates that the smishing campaign was likely made possible due to previous data breaches affecting the mobile carrier and millions of its users. 

BleepingComputer reminds that, in the past four years, T-Mobile has disclosed a total of seven data breaches.

In 2018, data belonging to 3% of the company’s customers was accessed. And a year later, T-Mobile exposed the data belonging to some of its pre-paid customers.

In 2020, meanwhile, T-Mobile employees' email accounts were compromised, and phone numbers and call records were accessed by unauthorized third parties.

Last year wasn't devoid of incident, either, with a threat actor compromising T-Mobile’s network through its testing environment, and using the stolen information to launch SIM swap attacks.

As usual, cybersecurity experts are urging people to deploy multi-factor authentication and security keys, and not to click on links in emails and SMS from unfamiliar senders.

• Prevent smishing attacks with the best Android antivirus solutions right now

Via BleepingComputer

A new Google One membership is on the way, offering users unlimited Google Photos cloud storage - however it’s only available to T-Mobile customers in the US, and it’ll cost $15 per month. 

Google Photos delivers one of the best photo cloud storage services - ideal for users who upload a lot of high-res images. T-Mobile’s latest Google One membership plan, which the mobile network provider says is launching soon, will also give users 2TB of cloud storage across Gmail and Google Drive. This matches the current top-tier Google One subscription package offered to all Google account holders.

What makes the mobile brand’s announcement unique is that not even Google is giving away unlimited Photos storage for high-quality uploads. 

The One membership

It wasn’t that long ago that Google Photos used to offer unlimited high-quality uploads - a promise it had kept since its unveiling in 2015. 

However back in June 2021, the company started limiting basic users to just 15GB free cloud storage across Google Photos, Drive, and Gmail. 

In a move that mirrors Apple’s own iCloud expanded storage subscription options, media-heavy users looking to expand or upgrade their cloud storage options must join the Google One subscription service. 

Google One is billed as ‘one membership to get more out of Google’. The packages, which are available on a Basic, Standard, and Premium subscription tier, includes perks like expanded Google Drive cloud storage and a VPN for Android and iOS - all of which can be shared with up to five family and friends.  

Finding the right Google One plan

The newest option builds on T-Mobile’s two existing Google One packages: $5 a month nets customers 500GB of storage, while a monthly fee of $10 delivers 2TB of cloud storage without unlimited Google Photos. 

However, if it makes you feel better, note that T-Mobile’s unlimited photo and video storage plan is only available to the main account holder. 

T-Mobile’s unlimited Google Photos plan will be available from April 26 2022. 

•  Keep your business running with the best cloud document storage solutions 

After falling victim to a data breach last year, the US telecom T-Mobile hired a third-party which tried to buy back the company’s stolen data before it could be widely distributed online.

As reported by Motherboard, the plan was ultimately unsuccessful as the cybercriminals responsible continued to sell the company’s data on an online hacking forum despite being paid a total of $200k to delete their copy.

The news outlet only recently learned that a third-party hired by T-Mobile tried to buy back the telecom’s stolen customer data following the Department of Justice unsealing an indictment against Diogo Santos Coelho who is allegedly the administrator of the notorious hacking site RaidForums.

While Coelho was arrested in the UK back in March of this year, an affidavit regarding his extradition to the US contained new information on the T-Mobile data breach though the company was not named outright.

Purchasing stolen data from cybercriminals

According to the affidavit, a RaidForums’ user going by the handle “SubVirt” made the original post on the site offering to sell a stolen database containing the social security numbers, dates of birth, driver’s licenses and other sensitive information of 124m T-Mobile customers.

An employee of the third-party hired by T-Mobile responded to the post and bought a sample of the data in the database for $50k in Bitcoin. After reviewing the sample, they then went on to purchase the entire database for around $150k on the condition that SubVirt would delete their copy of the data. This would limit T-Mobile’s customer data from ending up in the hands of other cybercriminals that could use it to commit fraud, identity theft, phishing attacks and other cybercrimes.

After being paid $200k for the database, SubVirt and the other hackers behind the breach continued to try and sell the company’s stolen customer data on RaidForums. While the court documents don’t name the third-party hired by T-Mobile, in a statement back in August, the company’s CEO Mike Sievert explained that its investigation into the breach had been “supported by world-class security experts Mandiant from the very beginning”.

Paying cybercriminals is not out of the ordinary and it routinely occurs when organizations fall victim to ransomware attacks. Just like in this case though, cybercriminals may not keep up their end of the bargain which is why the FBI and other law enforcement agencies say to never pay a ransom.

• Avoid falling victim to fraud and other cybercrime with the best identity theft protection

Via Vice

AT&T, Dish Network and T-Mobile were the big winners at the most recent auction of 5G spectrum in the US.

The Federal Communications Commission’s (FCC) sale of mid-range 3.45GHz licences raised $22 million for the US government, making it one of the highest-grossing auctions of spectrum ever in the country.

AT&T will pay $91 billon, Dish $7.3 billion, and T-Mobile $2.9 billion. Verizon Wireless was conspicuous by its absence from the process.  

US 5G spectrum

While major communications providers were the biggest spenders, licenses for a range of categories were up for grabs. The FCC said it was pleased at the substantial increase in the number of winning bids per market and noted that 13 of the 33 winners classified as small businesses or those that served rural communities.

The regulator said this diversity would ensure the US would maintain its position as a leader in 5G.

“Today’s 3.45 GHz auction results demonstrate that the Commission’s pivot to mid-band spectrum for 5G was the right move,” said FCC Chairwoman Jessica Rosenworcel. “I am pleased to see that this auction also is creating opportunities for a wider variety of competitors, including small businesses and rural service providers. This is a direct result of the Commission’s efforts to structure this auction with diversity and competition front of mind.

“Enabling commercial use of this spectrum is important to America’s continuing economic recovery and 5G leadership, and I look forward to the continued collaboration between the FCC, NTIA, and other federal agencies to find innovative ways to make spectrum available for next generation commercial and government services.”

Mid-range spectrum offers a compromise between the range and indoor penetration characteristics of low-range airwaves and the huge capacity offered by high-band frequencies. AT&T and Verizon Wireless won mid-range C-Band licenses at an auction last year that raised $80 billion for the American government and are preparing an imminent launch of services in the coming weeks.

However, C-Band 5G has proved controversial in the US with the Federal Aviation Administration (FAA) fearing that it could interfere with sensitive aircraft equipment. The mobile industry has refuted these claims.

The FCC said the arrangements for the latest release of airwaves would enable “robust commercial use” without the risk of interfering with existing use cases.

• Here are the best 5G mobile phone deals if you're thinking of an upgrade

US mobile carrier T-Mobile has revealed that a bug in iOS 15.2 prevented some of its customers from using iCloud Private Relay on their iPhones when using cellular data.

First introduced by Apple with the release of iOS 15, iCloud Private Relay provides users with an additional layer of privacy by preventing others from viewing the websites they visit just like with a VPN. The new feature works by first sending the web traffic of iPhone and Mac users through a server maintained by Apple and then through a second server operated by a third-party.

According to a new report from The Verge, in addition to T-Mobile, Verizon and AT&T have also confirmed that they aren't blocking their customers from using Apple's latest privacy feature. A Verizon spokesperson confirmed to the news outlet that iCloud Private Relay works on both cellular and Fios internet connections while a spokesperson from AT&T said that the carrier's policy is not to block Private Relay.

Still though, in an open letter to the European Commission, Vodafone, Telefonica, Orange and T-Mobile voiced their concerns about the impact iCloud Private Relay could have on their businesses explaining that the feature cuts off networks and servers from accessing “vital network data and metadata” and could impact “operator's ability to efficiently manage telecommunication networks”.

iOS 15.2 issue

Some T-Mobile users were unable to use iCloud Private Relay recently but in a statement to 9To5Mac, the mobile carrier explained that a bug in iOS 15.2 was actually to blame.

The company's team identified that a bug in iOS 15.2 led to iCloud Private Relay and other device settings to be toggled off by default. It's worth noting that this issue isn't specific to T-Mobile users which is why some Verizon and AT&T customers also had trouble using iCloud Private Relay on their devices.

Fortunately, there is a workaround for the issue. To get iCloud Private Relay working on mobile data, users first need to turn off their Wi-Fi and then head to the Settings menu on their iPhone. From here, you'll need to choose Cellular, then choose your plan and check that “Limit IP Address Tracking” is enabled. Afterwards, you can turn Wi-Fi back on and iCloud Private Relay should now work on both cellular and wireless networks.

Some T-Mobile customers on plans that feature content filtering (e.g. parent controls) will still be unable to use iCloud Private Relay though as Apple's privacy feature would make it impossible to block their children from accessing certain sites. If you're a T-Mobile customer with this kind of plan, you can always pick up one of the best iPhone VPNs to keep your web traffic private while still being able to control what your kids see online using T-Mobile's parental control software.

We've also featured the best VPN and best proxy

Via The Verge and 9To5Mac

Following the news that several mobile carriers in Europe had begun blocking iCloud Private Relay on their customers iPhones, it now appears that some T-Mobile and Sprint customers in the US are having trouble accessing the feature as well.

First introduced by Apple with the release of iOS 15, iCloud Private Relay provides users with an additional layer of privacy by preventing others from viewing the websites they visit just like with a VPN. The new feature works by first sending the web traffic of iPhone and Mac users through a server maintained by Apple and then through a second server operated by a third-party.

While it initially seemed that T-Mobile was blocking the feature outright, in a statement to 9To5Mac a company spokesperson explained that Private Relay is only being blocked on customer accounts that use parental control software for content filtering. All other customers have no restrictions and can use the feature in the way that Apple intended.

Now it seems that iPhone users on T-Mobile have a choice to make: protect their privacy further using iCloud Private Relay or give up the ability to enable content filtering on the devices used by their children? If they choose to disable content filtering and use Private Relay themselves, they can always install their own parental control software on devices used by their children. At the same time, they can keep using T-Mobile's content filtering and install one of the best iPhone VPN services on their own device to protect their privacy further.

Carrier backlash

Although Private Relay can help further protect a user's privacy, it does limit the amount of usage data mobile carriers can collect on their customers.

In fact, T-Mobile along with several European carriers signed an open letter in which they voiced their concerns about the impact Private Relay could have on their businesses. In their letter, the carriers explained that the feature cuts off networks and servers from accessing “vital network data and metadata” and could impact “operator's ability to efficiently manage telecommunication networks”.

In the UK for instance, T-Mobile, E and other mobile carriers have already begun blocking Private Relay when customers are connected to cellular data. However, it's still unclear as to whether or not this also has deal with content filtering for UK T-Mobile users.

While Apple has yet to comment on this situation, the iPhone maker may be displeased by the fact that some mobile carriers are preventing one of its new iOS 15 features from working on their networks. We'll likely hear more once more users begin using Private Relay but in the meantime, you can test the feature out for yourself by going to your iPhone's Settings menu, heading to the iCloud tab and choosing “Private Relay”.

We've also rounded up the best VPN services and best proxy

Via 9To5Mac

A “very small group” of T-Mobile customers in the United States fell victim to a SIM-swapping attack, the telecoms operator has confirmed.

In a statement, the company said affected customers were notified of the attack, and the company acted quickly to mitigate the threat.

"We informed a very small number of customers that the SIM card assigned to a mobile number on their account may have been illegally reassigned or limited account information was viewed," T-Mobile told BleepingComputer.

Big telecoms targeted

"Unauthorized SIM swaps are unfortunately a common industry-wide occurrence, however this issue was quickly corrected by our team, using our in-place safeguards, and we proactively took additional protective measures on their behalf."

"We are not providing any additional information at this time. Thank you!”, the statement concluded.

A SIM swap attack is a fraudulent activity in which the telecommunications operator is tricked into assigning a mobile phone number to a different SIM card. It’s a popular, and very dangerous attack, given that many people use SMS for two-factor authentication. 

By redirecting SMS messages to the attacker’s mobile device, they’re often able to log into banking services, clear out the funds, or steal their identities for other purposes.

As a major telecoms provider, T-Mobile is often the target of identity theft and similar fraudulent activities. Customers are advised to be extra careful when getting SMS messages, or emails, claiming to be from T-Mobile. Also, they should be careful not to open any links in those messages, before confirming the authenticity of the sender.

Account takeover is such a widespread thing that T-Mobile has an entire support page devoted to it.

• You might also want to check out our list of the best antivirus solutions out there

Scam calls continue to be a major annoyance for mobile users in the US with T-Mobile reporting that it identified or blocked over 21bn of them in 2021 alone.

The US telecom has released its first year-end Scam and Robocall Report revealing that scam call traffic hit all-time highs this year and jumped by over 116 percent when compared to 2020.

In addition to being the number one complaint to the FCC, scam call attempts are clocking in at an average of 425m per week. This is why T-Mobile launched its Scam Shield last year to protect all of its customers against scammers regardless of their mobile plan without requiring them to use a special device or app.

President of T-Mobile's consumer group, Jon Freier provided further details on the company's Scam Shield and how it's working to protect mobile users from spam calls in a press release, saying:

“Attempted scam calls hit record highs in 2021, but with Scam Shield we are identifying or blocking an average 1.8 billion calls each month — or 700 calls per second! — for our T-Mobile and Metro by T-Mobile customers. We are the only provider protecting every single customer with the free scam-fighting tools in Scam Shield, regardless of their plan or device. We know that scammers won’t stop as long as they continue to be successful, so we are doing everything we can to make their job as hard as possible. Scam Shield leverages T-Mobile’s powerful network to help keep our customers protected in real time, 24 hours a day, seven days a week.” 

Higher volume and more aggressive

Although many scammers were forced to shutdown their operations last year, they came back in full force in 2021 and continued to get more aggressive as the year progressed. 

In fact, the number of scam calls doubled in volume this year. In January of 2021, T-Mobile identified 1.1bn calls as Scam Likely. However, by November, the volume of scam calls had increased exponentially to reach 2.5bn calls identified as Scam Likely.

Another interesting takeaway from T-Mobile's report is that scammers like to take it easy on the weekends resulting in an 80 percent drop in calls identified as Scam Likely from Monday-Friday to over the weekends. At the same time, scammers are also taking holidays off with Easter of 2021 having the lowest volume of scam calls for the entire year.

When it came to the most targeted regions in the US, Texas, Florida, Arizona and Georgia had the highest volume of scam calls with Dallas/Fort Worth being the most targeted metro area. Additionally, fake vehicle warranties were the number one scam attempt this year though other popular ones included pretending to be with the Social Security office (10%), wireless provider (9%), car insurance company (6%), or package delivery (4%).

Scam calls have been a nuisance for far too long and hopefully the FCC will work together more closely with mobile carriers next year to limit their volume and prevent unsuspecting users from falling victim to fraud or even identity theft.

We've also featured the best antivirus, best VPN and best identity theft protection

T-Mobile will no longer be able to advertise its 5G network as the 'most reliable' in the US according to a new ruling from the National Advertising Division (NAD) of the Better Business Bureau.

In a new press release, NAD recommended that the company discontinue all claims that it has the most reliable 5G network based on third-party testing from the Accenture-owned advisory firm umlaut. However, T-Mobile has already said that it will appeal NAD's decision on the matter.

NAD only got involved after AT&T challenged express and implied claims made by T-Mobile which first appeared in two television commercials and internet advertising.

President of technology at T-Mobile, Neville Ray praised the results of the nationwide study of 43m data samples from over 70,000 of its 5G smartphone users conducted by umlaut in a press release back in July, saying:

“umlaut’s report is just the latest to prove customers and businesses alike can count on T-Mobile 5G to deliver a fast and reliable 5G connection in more places than anyone else. While the other networks play catch up, we’ll keep adding more 5G coverage and capacity to bring a transformative experience to customers across the country.” 

5G and non-5G networks

Umluat's scoring for 5G network reliability tested T-Mobile's 5G network based on three metrics: 5G coverage reach, 5G connection share and download speed.

While the mobile carrier argued that many consumers toggle between 4G and 5G and that umlaut's testing methodology represents how many of them use 5G to supplement 4G, NAD determined that non-5G data cannot be used to support a claim about a 5G network. NAD also made the point that speed and coverage alone cannot be used to support a reliability claim.

T-Mobile responded to NAD's decision by saying that it was disappointed and would appeal it. The mobile carrier also argued that it should be able to advertise umlaut's independent award.

While T-Mobile can no longer claim that it has the most reliable 5G network, the company did take the top spots for 5G speed and availability in RootMetrics' latest 5G Scorecard.

Interested in upgrading to 5G? Check out our list of the best 5G smartphones and our roundup of the best cell phone plans

Hackers managed to break into Syniverse, a relatively unknown company that provides backbone services to major wireless carriers around the world, in a campaign that could have impacted millions of cellphone users, reports suggest.

According to Motherboard, Syniverse forms a critical part of the global telecommunications infrastructure, and counts the likes of AT&T, Verizon, Vodafone, T-Mobile, among its customers.

In a filing with the US Security and Exchange Commission (SEC), the company disclosed that threat actors managed to gain “unauthorized access to databases within its network on several occasions, and that login information allowing access to or from its Electronic Data Transfer (EDT) environment was compromised for approximately 235 of its customers.”

• Shield yourself with these best identity theft protection services
• We've put together a list of the best endpoint protection software
• These are the best malware removal software on the market

The incident, which was detected in May 2021, but dates back to May 2016, is discussed in the section where it talks about the risks associated with the company owing to the nature of its business. 

Global privacy disaster?

Syniverse hasn’t discussed the incident outside of the SEC filing, and didn’t respond to Motherboard’s questions about the scope and scale of the breach. 

However a former Syniverse employee disclosed that EDT systems have information on all types of call records. Another anonymous individual familiar with telephone carriers suggests that the Syniverse hackers could have had access to metadata such as length and cost, caller and receiver's numbers, the location of the parties in the call, as well as the content of SMS text messages.

"Syniverse has access to the communication of hundreds of millions, if not billions, of people around the world. A five-year breach of one of Syniverse's main systems is a global privacy disaster," security researcher Karsten Nohl told Motherboard.

However, the former Syniverse employee suggests the breach is probably more embarrassing than devastating since nothing untoward seems to have come out of it in over five years.

“Not saying nothing bad happened but it sounds like nothing did happen,” opines the former employees.

• Protect your devices with these best antivirus software

Via Motherboard

T-Mobile’s most recent data breach leaked the personal information of 53 million people, with names, addresses and even social security numbers leaked online. 

Those affected face not only the risk of identity theft, but also the growing threat of SIM-swapping that can allow attackers to hijack their online accounts. 

While security experts have given consumers advice about how to protect themselves, some well known companies are actively preventing them from securing their accounts.

• We’ve built a list of the best security keys on the market 
• Check out our list of the best identity theft protection available
• And the best password managers around

SIM-swaps

In a SIM-swap, criminals steal their victim’s phone number by convincing the mobile carrier to transfer the victim’s phone service to a SIM-card that they control.  

The T-Mobile breach makes it easier for criminals to do this because it leaked answers to questions the mobile carrier might ask before agreeing to switch the victim’s SIM. 

“In a hypothetical scenario, if customer service asks an attacker for the last four digits of your social security number and credit card in order to access your account, the attacker can now correctly answer those challenges,” notes  Kevin Lee, a security researcher and PhD student in the computer science department at Princeton University. 

“Once inside, the attacker can ask the customer service agent to update the SIM card on your account to a new one in his possession, which will essentially divert all your incoming calls and messages … to the attacker.”

As many online accounts allow users to reset their passwords and receive two factor authentication (2FA) codes via SMS, once an attacker steals a user’s phone number they can also hijack their online accounts.  Security experts have advised those affected by the T-Mobile breach to protect their accounts by enabling non-SMS based 2FA methods, such as authentication apps or security keys.  But not all companies give their users this option and even when they do, many still have vulnerabilities in the way they authenticate their users, putting customer accounts at risk. 

Companies are putting their customers at risk

Last year, Lee and a team of researchers warned many well-known companies about these vulnerabilities in how they authenticate their users.

Venmo, the mobile payment app, is one of the companies they contacted. A Venmo user can request a password reset via SMS and will also receive 2FA codes via SMS — they do not have the option to use a more secure method such as an authenticator. This means that if a user is SIM-swapped the attacker has everything they need to hijack their victim’s Venmo account and take control of their money.

WordPress.com is another offender Lee and his colleagues contacted.  Like Venmo, they allow users to reset their password via SMS. Unlike Venmo they allow users to set up an authenticator, but require users to receive 2FA codes via SMS as a backup, completely undermining the security benefits of the authenticator. 

If a WordPress.com user is SIM-swapped the attacker can reset their password and bypass the need for an authenticator by having a code sent via SMS, allowing them to hijack their victim’s account and take over their websites.  

WordPress.com’s situation is made worse by the fact that there is no indication in a user’s 2FA settings that when an authenticator is set up, SMS is enabled as a backup.  In my account, for example, it tells me “You've enabled two-step authentication on your account — smart move! When you log in to WordPress.com, you'll need to enter your username and password, as well as a unique passcode generated by an app on your mobile device.”  If I scroll down, I can see my backup methods, but SMS is not listed.  It’s only when I go to log in that I see SMS is provided as a backup option.

Overall Lee and his colleagues identified 17 websites that were putting their customers’ accounts at risk of hijacking after a SIM-swap.  Only 4 of the 17 fixed the issue.

Venmo and WordPress.com are among the 13 that failed to take any action, as I confirmed by testing with my own accounts and contacting customer service. In some cases, companies did not take action because they did not understand that the way they were authenticating users was insecure, which Lee described as “concerning.” Others recognized the problem, he said, but opted not to make changes “for fear of inconveniencing customers.” 

What companies can do

Companies don’t have to take drastic measures to protect their customers’ accounts from hijacking after a SIM-swap.

Lee emphasized the importance of threat modeling, a process in which companies analyze potential ways for an attacker to interact with their site in order to identify vulnerabilities and fix them ahead of time.

A few of the more secure sites they analyzed had presumably engaged in threat modeling and had themselves identified the problem with allowing password resets and 2FA codes to be sent via SMS.

These companies “would disallow SMS-authenticated recovery for accounts that had SMS 2-step login enabled,” Lee said. This provides at least some protection if a user is SIM-swapped, as the attackers won’t be able to gain access to the victim’s account unless they have also obtained their password through other means.

Lee and his colleagues also recommended companies give their customers at least one secure 2FA option, like an authenticator app or security key.

As they highlighted, these options are not just more secure, but allow for quicker authentication and can be used without an internet connection. 

Lee emphasized via email that mandating SMS 2FA as a backup “might not fit everyone’s security needs, and could even be hurting users,” especially when it is done without their knowledge. He added that “transparency is crucial,” and that companies need to provide users with clear information about the methods they can use to access their account.

That way at least a user who has an authenticator set up won’t be blindsided if they are SIM-swapped and find their account is still hijacked because SMS 2FA was silently enabled as a backup.

Companies that continue to do nothing, however, are helping cybercriminals, not their customers.

• Stay secure online with the best endpoint protection around

The recent T-Mobile data breach in which a hacker claims to have stolen the personally identifiable information (PII) of roughly 100m of the mobile carrier's customers may actually be much worse as the company has revealed new details from its investigation into the matter.

Earlier this week, a hacker posted on an underground forum in an attempt to sell a pool of data on the company's customers which reportedly included their social security numbers (SSN), phone numbers, names, addresses, unique IMEI numbers and driver's license information.

Now though, T-Mobile has confirmed in a new post on its site that 7.8m of its current postpaid or on contract customers did have all of the data mentioned above stolen as a result of the breach. However, the hacker was also able to acquire their IMEI (International Mobile Equipment Identity) that is assigned to every mobile device as well as their IMSI (International Mobile Subscriber Identity) that is used to identify their SIM card.

• We've assembled a list of the best identity theft protection around
• Keep your devices virus free with the best malware removal software
• Also check out our roundup of the best firewall for your network

While a cybercriminal could use the exposed personal information of affected T-Mobile customers to commit identity theft, their IMSI information could potentially be used in SIM swapping attacks where an attacker takes over a user's phone number to intercept two-factor authentication (2FA) codes as well as other data being sent to their smartphone.

T-Mobile data breach

T-Mobile also revealed that an additional 5.3m of its postpaid customers are affected by the breach though apparently their driver's licenses and social security numbers weren't exposed.

The accounts of 667k former T-Mobile customers were exposed as well though thankfully, former Sprint prepaid and Boost Mobile customers didn't have their information stolen during the breach. Unfortunately, the same can't be said for 52k Metro by T-Mobile customers who also had their information stolen.

Both T-Mobile and he FCC are currently investigating the data breach and so far, one class-action lawsuit has been filed against the mobile carrier.

Current T-Mobile customers who are concerned that their data may have been exposed can visit this page for more information on how to sign up for the company's Scam Shield which offers scam-blocking protection and other anti-scam features. The company is also offering a free two year subscription to McAfee's ID Theft Protection service to affected customers.

We'll likely hear more regarding the breach and how the hacker was able to penetrate T-Mobile's systems once the company and the FFC's investigation is complete.

• We've also highlighted the best antivirus

Via The Verge

T-Mobile has confirmed that an unauthorized user has indeed managed to scoot away with the personally identifiable information (PII) of several millions customers.

The incident first came to light when the apparent T-Mobile hacker offered to offload the ill-gotten data, which they claimed to have stolen from T-Mobile servers. T-Mobile earlier told TechRadar Pro that it was investigating the hacker’s claims, then later delivered a statement that confirmed the leak without quantifying the damage.

However, in its latest statement, the telecoms company says it has been able to establish that the hacker did manage to lift the PII of millions of its customers.

• These are the best data loss prevention services
• Shield yourself with these best identity theft protection services
• Here’s our list of the best password managers

“Our preliminary analysis is that approximately 7.8 million current T-Mobile postpaid customer accounts’ information appears to be contained in the stolen files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile,” the company wrote.

All too common

Confirming the hacker’s claims, T-Mobile said that, besides the full name of their customers, the leaked data also included other sensitive information, including their date of birth, social security numbers (SSN) and driver’s license details. 

“We have also been able to confirm approximately 850,000 active T-Mobile prepaid customer names, phone numbers and account PINs were also exposed,” added T-Mobile, stating that it has proactively reset all of the PINs on the leaked accounts.

The company claims that, while the investigation is still underway, it has no reason to believe the stolen records included any financial details of the customers.

In response to the leaks, T-Mobile has announced a number of remedial steps to prevent the misuse of the information, including offering two-year complimentary access to McAfee’s identity protection services.

However, Ric Longenecker, CISO at cybersecurity vendor Open Systems told TechRadar Pro that the incident is further proof that companies must immediately take preventive steps to fend off such breaches from occurring in the first place.

“Another day, another cyberattack on a major company results in the personal information of millions of people being stolen. This has become an all too common occurrence for companies worldwide – and the fifth known data breach for T-Mobile over the past three years,” said Longenecker.

• We’ve also rounded up the best security keys

After announcing it was investigating the apparent sale of customer information online, T-Mobile has now confirmed its servers had indeed been breached and some data exfiltrated.

“We take the protection of our customers very seriously and we are conducting an extensive analysis alongside digital forensic experts to understand the validity of these claims, and we are coordinating with law enforcement,” the telecoms firm told TechRadar Pro. 

The leak came to light when a hacker began offering up personally identifiable information (PII) supposedly relating to millions of US-based T-Mobile customers on an underground forum. 

• These are the best data loss prevention services
• Shield yourself with these best identity theft protection services
• Here’s our list of the best password managers

The pool of stolen data reportedly includes the social security numbers (SSN), phone numbers, names, physical addresses, unique IMEI numbers, and driver license (DL) information of roughly 100 million T-Mobile customers.

Brace for impact

The hacker reportedly said T-Mobile had discovered their entry point, since the company had taken action to seal it off. This too has now been confirmed by T-Mobile. 

“We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed,” said T-Mobile.

The company claimed that while it can confirm the unauthorized access of its data, it isn’t in a position to confirm whether the leak included any personal data. 

While T-Mobile is yet to confirm the hacker’s claims, industry experts believe that if the claims are indeed found to be true, the details could be very damaging in the hands of cyber criminals.

“What is most concerning is the availability of mobile phone identity numbers tied to each specific customer’s phone. With a blend of consumer data, criminals can more easily dupe consumers into opening phishing emails and phishing texts,” Sam Curry, Chief Security Officer of cybersecurity firm Cybereason, told TechRadar Pro.

• We’ve also rounded up the best security keys

A hacker appears to be selling personally identifiable information (PII) relating to millions of US-based T-Mobile customers on an underground forum.

While the forum post doesn’t say the data belongs to T-Mobile explicitly, the seller told Motherboard they obtained the information by breaching the telecom company's servers. 

The pool of data reportedly includes the social security numbers (SSN), phone numbers, names, physical addresses, unique IMEI numbers, and driver license (DL) information of roughly 100 million T-Mobile customers.

• These are the best data loss prevention services
• Shield yourself with these best identity theft protection services
• Here’s our list of the best password managers

Under investigation

The hacker has put up less than a third of the stolen data with SSN and DL details for sale on the dark web - for the price of six bitcoin (about $270,000) - with the intent to sell the rest of the database privately.

Responding to reports, T-Mobile issued a statement claiming that it is investigating the potential breach.

"We are aware of claims made in an underground forum and have been actively investigating their validity. We do not have any additional information to share at this time," the company told Motherboard.

Interestingly, the hacker claims that T-Mobile is aware of the breach since the company has sealed their access to the breached servers.

"I think they already found out because we lost access to the backdoored servers," the seller told Motherboard in an online chat.

T-Mobile did not immediately respond to TechRadar Pro’s request for confirmation of the breach.

• We’ve also rounded up the best security keys

Via Motherboard

T-Mobile has revealed that it suffered a data breach in which customers' proprietary network information (CPNI), including their phone numbers and call records, was exposed online.

Earlier this week, the US telecom began informing its customers via text message that a security incident had occurred that may have impacted some of their account information. 

However, T-Mobile provided further details in a notice of security incident on its website and explained that its security team recently discovered “malicious, unauthorized access” to its systems.

• We've put together a list of the best ransomware protection software
• Keep your devices virus free with the best malware removal software
• Also check out our roundup of the best patch management software

Following this discovery, an investigation was launched with assistance from leading cybersecurity forensic experts to determine what happened and exactly what customer information was exposed.

Customer proprietary network information

According to T-Mobile, the CPNI accessed by hackers may have included customers' phone numbers, the number of lines on their accounts and in some cases, call-related information.

Thankfully though, the data accessed did not include customers' names, addresses, email addresses, financial data, credit card information, social security numbers, tax IDs, passwords or PINs.

Affected customers have already received text messages from T-Mobile informing them of the situation but they should remain on the lookout for any suspicious texts claiming to be from the company or messages containing links to third-party websites as cybercriminals often use the news of a data breach or security incident to launch phishing attacks to try and steal user credentials.

Although T-Mobile has suffered another data breach, this attack appears to be less severe than the one that occurred in March in which hackers were able to gain access to both customer and employee data.

• We've also highlighted the best antivirus software

Via BleepingComputer

The US telecom T-Mobile has revealed that it fell victim to a security breach that impacted its customers as well as its employees.

The company provided more details on what occurred in a notification to its customers, saying:

“Our Cybersecurity team recently identified and shut down a malicious attack against our email vendor that led to unauthorized access to certain T-Mobile employee email accounts, some of which contained account information for T-Mobile customers and employees. An investigation was immediately commenced, with assistance from leading cybersecurity forensics experts, to determine what happened and what information was affected. We immediately reported this matter to federal law enforcement and are actively cooperating in their investigation.”

• You’ve been hit by a data breach – now what?
• Over a million T-Mobile customers hit in data breach
• Data breaches hitting more companies than ever

T-Mobile is currently sending out SMS notifications to all impacted users, though customers who had just their account data and those who had their financial data exposed are receiving different notifications.

Exposed data

The hackers behind the security breach may have accessed data on T-Mobile employees and some of its customers.

According to the company, names, addresses, phone numbers, account numbers, rate plans and features and billing information may have been obtained by hackers. However, the Social Security numbers, financial account information and government identification numbers of some users were exposed while for others, this data was not exposed.

T-Mobile has not yet said how many users were impacted by the security breach but it has recommended that customers change the personal identification number for their T-Mobile accounts.

This is the second time the US telecom has disclosed a security breach in the past six months. Back in November of last year, T-Mobile disclosed a similar security breach in which a malicious actor was able to obtain the personal data of over a million of its customers.

• We've also highlighted the best antivirus software

Via ZDNet

T-Mobile and Sprint are set to receive the final approval needed to complete their $26 billion merger in the US, it has been reported.

A lawsuit filed in June by the Attorney Generals of 13 states and the District of Columbia had hoped to block the controversial transaction.

They said the deal, which would combine the country’s third and fourth largest operators, would reduce competition and increase prices. The US market is dominated by the four biggest networks, accounting for 98 per cent of all customers.

• Sprint sues AT&T over 5GE claim
• Why T-Mobile Sprint merger would give US a 5G lead
• What is 5G?
• See all the best cell phone plans available right now

Sprint, T-Mobile merger

These concerns have been echoed by consumer groups, trade unions, and Democratic senators, but were not enough to dissuade US regulators from approving the deal and don’t appear to have been enough to sway the judge ruling on this latest suit.

The New York Times says a decision is expected later on Tuesday February 11. The contents of the ruling are not yet known, meaning there could be conditions attached to the approval, but the final barrier to completion would be eliminated.

Sprint and T-Mobile held merger talks more than five years ago, but these collapsed due to competition concerns from the Obama administration. However, the Trump administration has been more receptive.

Both companies said the merger was necessary to end a price war that had harmed investment and to compete with the nation’s two largest carriers, AT&T and Verizon. Sprint & T-Mobile have committed to not increasing prices for three years after completion, while some assets will be made available to Dish Network to create a fourth carrier.

However Sprint & T-Mobile's main argument has centred on 5G.

The bedfellows argue that neither operator has the means to build a national 5G network alone, but the combination of their assets means they could do this more rapidly than anyone else. This is because T-Mobile has long range 600MHz airwaves, whereas its rivals only have mmWave spectrum which offers vast capacity but only within a limited radius.

The new company would be called T-Mobile, have 100 million customers, and would be led by Mike Sievert. Colourful T-Mobile CEO John Legere, a major driving force behind the deal, would step down from his role.

• Here are the best mobile phone deals for February 2020 

Via New York Times

The US telecom T-Mobile has confirmed that it suffered a data breach in which a malicious actor was able to obtain the personal data of over a million of its customers.

Thankfully though, no financial or password data was exposed and the company has alerted affected customers regarding the breach.

The malicious actor was able to obtain the names, billing addresses, phone numbers, account numbers and rate plans and features purchased by T-Mobile's prepaid data customers. The company provided more details on the data breach in a disclosure notice saying:

• T-Mobile continues US 5G crusade with 600MHz call tests
• Macy's hit by customer data breach
• Also check out the best identity theft protection

“Our Cybersecurity team discovered and shut down malicious, unauthorized access to some information related to your T-Mobile prepaid wireless account. We promptly reported this to authorities. None of your financial data (including credit card information) or social security numbers was involved, and no passwords were compromised.”

Data breach

Although the personal information of over a million of its customers was exposed, T-Mobile disclosed the data breach in a prompt manner but its disclosure notice provided very few details on what actually happened.

TechCrunch asked a company representative to provide more information on the breach to which they said that “less than 1.5 percent” of its customers were affected.

The data breach itself was discovered in early November and shut down “immediately” according to the representative.

The information obtained by the malicious actor is not enough to try and breach users' other accounts since no passwords were exposed, though hackers could try and steal their identities or take over their accounts. T-Mobile customers whose personal information was exposed should also change their passwords just in case.

• Keep your devices protected from the latest cyber threats with the best antivirus software

Via TechCrunch

Several Democrat senators, and the independent Bernie Sanders, have urged US regulators not to approve the proposed $26 billion merger of rival operators T-Mobile and Sprint.

The two companies are the country’s third and fourth largest operators, with a combined customer base of more than 100 million.  Given America’s four largest networks control 98 per cent of the market, the senators fear the reduction to three players will increase prices, harm competition and disincentivise investment.

Their fears are echoed by consumer groups and trade unions, who also fear a negative impact on workers’ rights.

• Sprint sues AT&T over 5GE claim
• Why T-Mobile Sprint merger would give US a 5G lead
• What is 5G?
• See all the best cell phone plans available right now

T-Mobile Sprint

The proposed merger of O2 and Three in the UK was blocked because of competition fears, with antitrust bodies citing the example of increased prices in markets where the number of operators had decreased from four to three.

Sprint and T-Mobile held merger talks more than five years ago, but these collapsed due to competition concerns from the Obama administration. However, the Trump administration is believed to be more receptive.

The two bodies that could approved the deal, the US Justice Department and the Federal Communications Commission (FCC), are conducting their own investigations into the deal, and the group of senators have expressed their concerns to both.

The New York Times suggest there is growing speculation the deal is in doubt. There are two congressional hearings on the subject this week, and Sprint and T-Mobile have pledged not to increase prices for three years after the merger is completed in a bid to get the deal over the line.

But Sprint and T-Mobile’s main argument is 5G. They argue that neither operator has the means to build a national 5G network alone, but the combination of their assets means they could do this more rapidly than anyone else. This is because T-Mobile has long range 600MHz airwaves, whereas its rivals only have mmWave spectrum which offers vast capacity but only within a limited radius.

This could appeal to President Trump, who wants the US to be a leader in the field of next-generation networks. Trump blocked the takeover of Qualcomm by Broadcom last year because of fears it would hand Huawei, and therefore China, in the 5G race.

•  Here are the best mobile phone deals for February 2019 

T-Mobile has completed the world’s first data and video calls on a live 5G network using 600MHz spectrum as it continues to position itself as the only US operator capable of delivering nationwide coverage.

The tests, conducted with partners Ericsson and Intel, also saw T-Mobile deliver a tri-band call with users on different spectrum bands – 600MHz, 28GHz and 39GHz.

T-Mobile is hoping to merge with rival Sprint, arguing the deal will accelerate development of 5G in the US. It claims the combination of its long-range 600MHz spectrum with 28GHz mmWave bandwidth will allow for the creation of a truly national network.

•  Everything you need to know about 5G 

T-Mobile 5G call

It argues its rivals only have mmWave spectrum, which delivers high capacity but has comparatively low range, making it only suitable for urban areas and Fixed Wireless Access (FWA) broadband.

Verizon and AT&T have launched commercial 5G services using mmWave, but coverage of both networks is limited to a few major cities. This is set to expand once the first compatible handsets arrive later this year.

T-Mobile hopes its argument resonates with regulators, given critics are concerned the reduction of four operators to three will reduce competition and harm consumers.

It says it hopes to deliver nationwide coverage by 2020 and is deploying 5G-ready equipment as it upgrades its LTE network. CEO John Legere said the latest tests were a huge step forward for its multi-band 5G strategy.

“While the other guys focus on 5G [mmWave] on a handful of blocks in a handful of cities, we’re building 5G for everyone, everywhere,” he said. “And together with Sprint, we’ll add much-needed spectrum depth, creating a truly transformative 5G network!”

Earlier this week AT&T was widely mocked for issuing a software update to some Android phones so they would display a ‘5GE’ icon when connected to an advanced LTE network. Critics said it was disingenuous to suggest devices were connected to 5G when they were actually using a 4G network and that consumers could be confused.

• Here are the best SIM-free phones of January 2019

T-Mobile USA and Sprint hope that pledges by their parent companies to stop using Huawei’s telecommunications equipment in their other mobile operators’ infrastructure will pave the way for a $26 billion merger to go ahead.

Huawei has effectively been frozen out of the US market, so neither T-Mobile nor Sprint use the Chinese firm’s equipment in their infrastructure, but other operators owned by Deutsche Telekom and Japan’s Softbank do.

Australia has banned its operators from using Huawei equipment in their 5G rollouts on national security grounds, while it has been suggested that the US has been placing pressure on its allies – including Germany and Japan - to take similar action.

T-Mobile Sprint

Reports last week suggested that Deutsche Telekom and Japan’s Softbank were reconsidering the role of Huawei kit across their portfolio and Reuters says the two firms believe this could lead the proposed merger to be approved by the Committee on Foreign Investment in the United States (CFIUS) as early as this week. All parties involved reportedly declined to comment.

The transaction has plenty of implications for the US domestic market, with the number of major players reduced from three to four. The two operators have appealed to regulators by claiming the merger is the only way to rapidly create a truly national 5G network, thanks to T-Mobile’s spectrum holdings.

But this latest development could have ramifications well beyond the US.

The main basis for these security fears is a perception that Huawei is linked to the Chinese government and that the use of the company’s equipment risks the possibility of backdoors that could be used for espionage. These fears are heightened by 5G because of the sensitive information these networks will carry.

Huawei has repeatedly denied such accusations, pointing out that it works with security agencies around the world and that it sells products to more than 500 operators in 170 countries without issue. This includes the UK, where BT, EE, Vodafone and Three are all customers.

There will be little demand among operators for barriers to the use of Huawei kit as this would reduce choice, hinder innovation and increase costs. Last month, Huawei revealed it had shipped more than 10,000 5G base stations outside China and had signed 22 commercial 5G contracts with foreign operators.

•  Here are the best mobile phone deals for December 2018