Advertisement
Supported by
The breach exposed information like names, addresses and phone numbers and lasted more than a month, the company reported in a securities filing.
Send any friend a story
As a subscriber, you have 10 gift articles to give each month. Anyone can read what you share.
T-Mobile said on Thursday that a hacker had collected data, including names, birth dates and phone numbers, from 37 million customer accounts, the company’s second major breach in less than two years.
In a securities filing, T-Mobile said it first discovered that a “bad actor” was obtaining the data on Jan. 5. With help from outside cybersecurity experts, the mobile service provider stopped the leak the next day, it said.
The company said there was no evidence that its systems or network had been compromised, adding that the mechanism the hacker exploited did not provide access to more sensitive information such as Social Security numbers, government identification numbers, or passwords or payment card information.
“We understand that an incident like this has an impact on our customers and regret that this occurred,” T-Mobile said in a statement.
The exposed information included names, billing and email addresses, phone numbers, birth dates, T-Mobile account numbers, and information such as the lines on an account and plan features. Many of the accounts did not include all of that data. The company said it has started to notify some of the affected customers in accordance with state and federal requirements.
T-Mobile said it was continuing to investigate the exposure and had notified the federal authorities. The company said it believed that the hacker first started retrieving data on Nov. 25 through an application programming interface, a common bit of code that allows software to communicate with other software.
A cyberattack in 2021 exposed data from nearly 77 million T-Mobile customer accounts, including names, Social Security numbers and driver’s license information. As a result, the company agreed both to pay $350 million to settle customer claims and to spend $150 million to enhance its cybersecurity practices and technologies.
In Thursday’s filing, T-Mobile said it had “made substantial progress to date” on those upgrades. It also acknowledged that it could face “significant expenses” from the latest breach.
Advertisement
Leave a Reply