Skip to content

Telecom data of over 74 million US citizens leaked since January 1

  • by
  • 2 min read

Six attacks have happened since January 1, 2023, where threat actors breached US telecom providers or their partners, leaking over 74 million US citizens’ telecom data, according to Cyble Research and Intelligence Labs.

These attacks include the following:

  • January 5, 2023: Clop ransomware gang targeted CGM LLM, a US SaaS provider and leaked screenshots of identification submitted by people willing to participate in the Affordable Connectivity Program. 
  • January 6, 2023: Intelbroker claimed to have found a third-party vendor’s unsecured cloud storage containing 37 million AT&T customer records. The threat actor shared five million records for free on a hacking database as a sample. 
  • January 18, 2023: Intelbroker offered to sell 550,000 records of Charter Communication users, eventually leaking the database for free on January 26. 
  • January 19, 2023: An unknown threat actor exploited vulnerabilities in T-Mobile’s API, leading to Personally Identifiable Information (PII) of nearly 37 million customers being leaked. This also led to targeted SIM-swapping attacks on Google Fi, which uses T-Mobile as its primary operator. 
  • January 27, 2023: Intelbroker leaked a database containing 7.5 million Verizon client records for free. The database only contained first names, device types and service plans. Verizon later stated that the breach happened at a third-party vendor that creates videos to assist clients. 
  • February 1, 2023: Intelbroker shared a database containing 144,000 US Cellular client records containing PII.
What is a Teardrop attack and how to prevent it? | Candid.Technology

Most of the breaches mentioned above occurred at a third-party vendor providing some service to the main company. However, even though these vendors don’t have complete databases, these breaches can lead to supply-chain attacks and increase the number of affected users and organisations worldwide. 

Additionally, scammers and other threat actors often combine data leaked from multiple sources, including publicly available information, to piece together victim profiles and carry out identity theft attacks, financial fraud, extortion, or harassment.

While most companies react to incidents by hiring auditors for investigations, information security companies for data protection and offering short-term credit protection plans to impacted users, these are reactive measures. In addition to proactive monitoring, Cyble’s report states a few security policies and procedures that can lower the risk for everyone involved. 

In the News: Reddit hackers get away with source code and internal documents

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: