Trump Mobile confirms customer data exposed via third-party vendor
The company states its own network was not breached, but is now assessing legal obligations for customer notification following public disclosure by cybersecurity researchers.
Trump Mobile has confirmed that customer personal data, including names, email addresses, mailing addresses, cell numbers, and order identifiers, was exposed to the open internet. The branded mobile service provider attributed the incident to a third-party platform provider supporting certain operations, explicitly stating that its own network and infrastructure were not breached.
Chris Walker, a spokesperson for Trump Mobile, confirmed the details to TechCrunch, noting that the company is currently investigating the scope of the exposure. Walker stated there is no evidence that user content or financial information was compromised or spilled online. The identity of the specific third-party vendor involved has not been disclosed.
The admission follows reports earlier this week that personal data from Trump Mobile orders was publicly accessible on the web. Cybersecurity researchers and high-profile YouTubers, including Coffeezilla and penguinz0, were alerted to the exposure after placing orders for devices from the provider. Both creators stated they attempted to notify Trump Mobile of the issue following the researcher’s findings, but were initially unsuccessful in securing a response.
Trump Mobile described the incident as a data exposure linked to an external partner rather than a traditional security breach of its own systems. The company is now evaluating whether it is legally required to notify affected customers about the incident.
The provider, which is associated with President Trump, continues to assess the full extent of the exposure and the duration for which the data was accessible. No further details regarding the third-party provider or specific mitigation steps have been released at this time.
