• By -


The worst part is that T-Mobile forces consumers to use a debit card to receive auto-pay discount which is much more dangerous in the event of a breach. This is NOT OK for a company that loses all of their customer's data each and every year.


You think these carriers would learn. Especially after the increased rate of sim swapping. Bunch of lazy profit chasing ghouls


They don’t learn because there is little to no monetary incentive for their incompetence within the US market.


Why learn when the only punishments are pittance fines? Way cheaper to just plow forward when you're industry leading.


Not trying to shill as I'm sure MySudo works for this too, but I gave TMobile a Privacy dot com card. By default it can ONLY be used with the first company to bill it, TMobile in this case, AND I set a limit so it can only be my bill +$100/month. Shouldn't have to do this at all, but it works and I still have auto-pay. Also great for companies that don't do Apple/Google Pay and want an actual card. I'm Art Vandalay as far as Wendy's knows, John Doe to Burger King, and so on. Card addresses are fake too as Privacy dot com just says "yes" to any address given.


Not true for me. I've used Privacy for years. I tried that, it said it needed to be a debit card. Used to work but they changed it about 6 months ago. One of the many reasons I left TMobile. The other was my SSN and DL# was found on the dark web. TMobile doesn't care about any of this. The "settlement" in the class action case was like $30. Really.


Huh, I use mine and get my autopay discount... They've been doing debit cards too for a while IIRC.


I’m pretty sure it’s more than once a year at this point


I used the tmo money with no overdraft protection for this very reason.


I didn't want to give them more info. Had reps confirm multiple times that my Privacy dot com card worked with auto pay and it does so I'm all set. At most, if someone gets my card, they can spend my monthly bill +$100 and only at TMobile since the card is locked to TMobile.


Yeah, so did I, until that got hacked, even though I only used it at T-Mobile. The dispute process was just crazy. First and last time I used a fintech bank.


Same happened to me! Only debit card I've ever had hacked.


Err.. EVERY bank is a fintech bank....


I was fortunate enough to be able to set up a specific account number that only t-mobile has the account details of. I couldn’t believe they thought it was OK to get direct access into my bank in order to maintain my discounts. Thankfully- if that account number were to be compromised, all I have is the amount required to pay my bill and maybe a few dollars extra.


It’s no longer about the customer ever since the sprint merger, it’s all about profit. Count me out.


I think it's time to form a class action for cumulative breaches (if that's thing)!


Which is why I still use my credit card. You think I'm gonna let a company that's had like ten breaches in the last ten years have direct access to my bank account? Lol no. What's even scummier is the store employees will tell you prices based on the autopay discount but don't mention it once.


I use an actual account number for mine and not a debit card.


Well, glad you made me aware. Before I had re-signed up for Tmobile, I was & still am using a 3rd party service with a small Tmobile memory sim. I think I'm going back to that now that this little company has unlimited data plans for less and the ability to turn them on & off as you wish. I will continue to use a cash back credit card versus a debt auto pay discount for the few months more that I need Tmobile while traveling coast to coast. :)


You realize att and Verizon both have breaches that go unreported right? They also don't give discounts with credit cards Also you are not forced to use a debit card you just get the auto pay discount because of credit card fees.


Yeah but T-Mobile gets beached every couple months basically. They really don’t take cyber security that seriously.


Can confirm, I found a very basic XSS on one of their hotspot product and took over months to fix. It's probably because it has less impact, but it shouldn't have happened in the first place.


That's exaggerating and you know it, and yes they do that's why they publicy share when it happens rather than try and sweep under the rug. ATTs last one was just on march.


So then, why haven’t any of my details of their ‘breaches’ appeared on the dark web? Only one carrier has managed to leak my SSN, DOB, Drivers License, address, phone numbers attached to the account simultaneously.


Maybe you don't have their service?? Try looking up every thing sith a simple Google search, they've been breached mutlit0le times and just aren't as open about it. Really it's moronic to think otherwise.


Third party vendor .... that T-Mobile hired and shared user data with.. lol they're still responsible.


Exactly. Effectively there is no difference.


"How was I supposed to know that our business partners at Paper Bag Security couldn't be trusted with literally all of our sensitive records?"


Exactly what I thought. They are like its not us, its the 3rd party we gave all your data to!






Doesn’t matter how they handle or how many layers of subs or third parties they hire… they’re still responsible. 


Using that logic any breech is ultimately your own responsibility since you provided the information to them in the first place.


T-Mobile took the money. T-Mobile is responsible. Bottom line.




They’re always responsible. Consumers have a commercial relationship with T-Mobile. T-Mobile can’t - after something goes wrong - tell the consumers that it’s not their fault and to go after a random third party T-Mobile hired. How it works is T-Mobile is responsible and accountable to its consumers … and T-Mobile can go after the third party to recover its costs if they’ve screwed up.




It absolutely does make them responsible for the breach and any damages to consumers. They're the ones who made the decision to outsource. I don't see how you can construe them as not being responsible.




I have a lot of idea. Yes, they use third party vendors where it's more convenient or cost effective. I'm not saying they don't. I'm just saying that fact doesn't absolve them of their responsibilities. They're still responsible for their customer's data and any damages and claims from their customers resulting from a breach.


Please don’t work in security.


Lmfao yearly T-Mobile breach at this point


Credit monitoring should be a standard add-on due to all the breaches.


Not even an add-on, just part of the base plan. "T-Mobile Magenta Credit monitoring built into every plan we sell."


True, I stand corrected.


Yeah…that’d bea great excuse to do…price increase for all!


Identity theft up to 1m was added to p360


How about just protect the day????


Make it a T-Mobile Tuesday price that happens yearly, like MLB.


A small price increase should fix this.


Ah, I see we are at the annual release of everyone’s information again. Honestly this company needs to be sued into oblivion for their complete lack of security protocols.


Oh Dear Lord !!!!! There is no saving yourself from a breach at TMobile.




t-mo isn't breachED if they are continuously in a state of breachING


Deer Lord will save you.


Figuring out how to avoid being impacted by T-Mobile breaches is like digging through Facebook privacy settings over and over again. As they find loopholes to sell your data.


Now they are just the un-secure carrier.


The 3rd party was Confluence, they gained temporary access to the admin panel function. Confluence is basically a knowledge base and forum popular in the developer community. It's very likely that there are tickets with source code data dating back as long as they've had confluence including current and upcoming bug fixes that could be used to exploit the infra. It's kind of a game on words to say they were not "hacked", because they were. The actor just did not have direct access to internal servers.


I did setup an account just for the t-mobile payment and t-mobile is the only one with my debit information. Surprise, I was contacted for someone using my debit information in a state that I have never been to and is over 1000 miles away. Fortunately my bank caught this, declined the charge and alerted me, No word from t-mobile that they were hacked. Is it possible that this is insiders? I have had chats with them through the app that are no longer part of the history in their system. They must not have liked what the person said I could do or that I used the information against other telling me something different. The next people I contacted said that it is impossible to delete from their chat. An admin can do this. Fortunately I have screen shots as proof. Bring back the previous CEO and get some ethics on how to run a company.


Hahaha..he got his golden parachute and is enjoying his $$$.


Cue the TMO employees coming to this SubReddit to defend their employers for a shot at winning a trip to Hawaii. It's almost as if all the complaints we all have raised about this company have been 100% spot-on and weren't actually just a few disgruntled customers venting. Who knew?!


We aren't allowed to say anything negative here


They sure do butch and moan about their commissions and shoddy upper-management... I guess that doesn't count as negative???


Is this just a forum for employees to gloat about their shady marketing techniques, commission rates, and collaborate ideas on how to promote TMO-Tuesdays? I'm confused now.


Seems like it


When they forced the change I got a debit card only for T-Mobile, only ever shared and used at T-Mobile, and it was charged about 8 hours ago from someone not T-Mobile. The amount was close to my previous bill but not exactly.


Huh, I was wondering why it’s been half a year without a T-Mobile hack


Pardon me for not believing TMobile at the moment, especially while they are still investigating it.


And why did you give data to a third party? Sorry, but that is still your fault.


Here we go again?


T-Mobile denies that it exists, points finger at "alleged" customers with "active imaginations"


They always do…that’s why I didn’t want to attach my debit card.


“…this could be the carrier’s third data breach in three years.” And they think it’s still ok to only offer auto-pay discounts *when I link my payments to my actual checking account*. *laughter* What children are these people? Wait until the cyber thieves figure out how to obtain bank account numbers and *then* you’ll actually *be sued into oblivion*.


Got people upset last time I said it, but Credit Bureaus shouldn't use Socials as unique identifiers that can be breached. They should have to create their own numbers, so if there's a breach it's easier to contain.


Everything I say here is just an opinion, obviously I have no access to the actual facts of the various matters I discuss. Tmobile seemed like a top flight company 14 years ago. My new metric for corporate rot is when they move customer support offshore. Doing that is a statement. That may also mean they have moved things like software development offshore. Then infrastructure / network admin. Coupled with the general lack of competence I see in all customer facing roles in all but the very smallest companies, I've lost faith in corporate America. Given that the new standard is "Give us your bank account, let us have full access to take what we want, and we will give you back your payment discount", I'm beginning to think some manager in Tmobile may be in cahoots with the wrong people. I really don't know anymore. All I see is erosion of customer rights and safeguards.


Of course, T-mobile was not originally a US based company in the first place!


DT bought the original US based company and changed name to TMO.


Oh, my mistake. Thought it was the other way around.


lol. I forgot about that. I found it to be the best choice at the time. It says something, I guess, that a foreign company was the best choice for me then.


Used to be Voicestream before Deutsche Telekom bought them.


Then they renamed it to T-mobile, right?


I refuse to give my bank account info or a debit card for auto pay so i am now paying $5 per line ($20) more a month because my personal data has been hacked twice in last 10 years with TMO. It is not if but when. Not fair. I asked them if they could guarantee my account security and they could not. Since then ive been notified my rates are raising $5 per line just because. I’m going back to Verizon. Bye bye former un carrier now poster child for carrier.


I switched to a MVNO, paid 250 for a year of service, never coming back.


Fricken breached AGAIN!?!?!?!?


This is exactly why I was pissed when they made me use my debit card for autopay to retain my $5/line discount. Fucking ass knuckles!


I realized T-Mobile does not even use something like stripe. Lmao these dudes are horrendous


Seems like they have some form of a data breach every other year


Well there were a lot of people in here saying that you shouldn’t worry about your debit card or draft information being stolen because it’s a 3rd party processing the information well now look they’re being blamed for it 😂


Shocker, I guess more free credit monitoring that is free anyway, and the government regulators will make some fine $.


Sounds familiar


But please provide your Debit card or checking account data.


T-Mobile is a fu*king joke @ this point… nothing but lies from customer service (phone/chat & T-force), horrendous service even when the service shows full bars, raising prices, elimination of all benefits, data breach every other day… 👋


Might be exaggerating just a bit...


Ah yes, the yearly data breach by TMO.. But dont worry, were getting better at hiding it from our customers. I mean fixing the issue. were sooo close to a fix. Now that we raised prices, we can get that patch out sometime before 2030.


Aren't bank account transactions tokenized when payments are made.


Not with T-Mobile. They freely give those out. T-mobile Tuesday gift to hackers


Tmobile isn't working much...1 bar lol


When I still worked at TMo some kind of data breach happened almost monthly but was never publicly shared. Lot of “INTERNAL ONLY” emails.




That’s why when I couldn’t get the discount for paying via credit card any longer, I made a bank account that I only use to pay my T-Mobile bill. I (automatically) transfer my monthly bill to it, a couple days before bill is due each month.


At this rate we’ll all have identity theft protection for life. Every breach 2 years. They have a breach every year. It’ll be like us collecting the on us lines. SMH


Hi T-mobile, I paid my bill, sorry my credit card company didn’t pay you. Knock on their door. It’s no longer my problem. Bye.


Anyone who uses T-Mobile is asking for it at this point absolutely trash company


Well how did a credit union get breached recently? It’s happening all over not just to T-Mobile.


I wonder if you can use a Privacy.com card as a debit card.




Please not more security measures. No one knows how to operate a yubikey as it is.


oh god, this shit again?!


What's ironic as an ex-TMO employee, after the first breach they had so many hoops and ladders to go through to write APIs that there is no reason this should have happened. You darn near had to beg directors for API keys. Oh yeah, it was outsourced to a 3rd party...


If all of you have been through these breaches before why are you still with T-Mobile? Saying things like “annual T-Mobile breach of our data” yet choosing to stay with that company is kinda on you then too. Att and Verizon have breaches too. Go check.


You just answered your own question.


Be protected from further T-Mobile data breaches with the new Go5G Plus Max Ultra (with Data-lock!) for the low price of $199/mo/line!


You may blame 3rd party T-Mobile, but you contracted with that third party and it is up to you to do due diligence, third party risk management, cybersecurity assessment and audits. It’s on you also. Figure out how to execute on your risk management plan.


No worse than AT&T breaches.


What about what about what about… Oh no, the corporation you are emotionally attached to f’d up again. Better haul out your book of excuses for them.


Bunch of Tmo haters here. Same shit happens with many company’s, but God forbid you say that when they’re ragging on Tmo smh


Truth When I worked for At&t years ago, it happened all the damn time. They just don't tell anyone. All carriers get breached or up their prices at some point. T-Mobile's "mistake" is being too open about it.


This attitude or mindset as a business is not only disappointing and disheartening as a day 1 customer and watching them decline in how they show their poor business practices without worry tells me they have learned nothing from the 3 major breaches from 2020 to 2024 let alone the ones we dint hear about and it will absolutely happen again because it starts with accountability. I am a tad more invested as I work with the big 3 as well as MVNO'S whether related or not. However, I dont work for any of them directly, I am subbed out for particular security purposes and field work. Aside from the unfortunate fact that this digital landscape we are in today, between AI moving to fast & a laundry list of other things, but these carriers focused on the money rather than improving infrastructure while seeing a real divide in what higher ups want and what the technical side needs and it's worth mentioning that the retail side catches alot of nonsense as well, the bottom line is things are looking bad for the consumers/customers, US, that keep them in business. Lots of shady things I see 1st hand from store managers to corporate and sh*t rolls downhill. Our privacy , which it basically already is out the door but these breaches and carelessness with our data that " bad actors" so they say will continue to end up in data brokers hands and again, I am personally not hopeful this will ever get better or change. Its past that point of turning it around, they will keep the status quo and internally continue to throw money at the issues without actually fixing them. Excuse my bit of a rant, but as careful as I am for Tmobile to out me in a identity theft situation and then seeing this post, is frustrating to say the least as I am a tad invested on 2 fronts, however none of them are truly better than the other. It's the lesser of the evils at this point.again, apologies, this struck a nerve.


There is no war in ba sing se


Ugh, I wonder who the 3rd party was?


If third party not disclosed then no third party was involved

