A “bad actor” stole the personal information of approximately 37 million T-Mobile customers in a data breach in November, the company said on Thursday.
In a filing with the US Securities and Exchange Commission, T-Mobile said the hack was discovered on Jan. The unnamed hacker (or hackers) obtained data from Nov. 25 through a single application programming interface, the company said.
The malicious attacker accessed a “limited set of customer account data” – including names, addresses, emails, phone numbers and dates of birth.
T-Mobile said that based on its investigation to date, “customer accounts and finances were not directly jeopardized by this event.” No credit card information, passwords, Social Security numbers, government identification numbers or other financial account information was exposed in the breach, T-Mobile said.
Job cuts in the company:Google to lay off 12,000 employees, the latest tech giant to cut thousands of jobs
More:Amazon ends charitable giving program that raised nearly $500 million as layoffs continue
After learning about the breach, T-Mobile said it “immediately launched an investigation with outside cybersecurity experts” and was “able to trace the source of the malicious activity and stop it” within a day.
“Our investigation is still ongoing, but the malicious activity appears to be fully contained at this time, and there is currently no evidence that the malefactor was able to breach or compromise our systems or our network,” T-Mobile said in its statement on Thursday. -fair. archive.
The company added that it notified law enforcement authorities and federal agencies, which were not identified in the filing.
Will T-Mobile notify customers affected by the breach?
In a press release on Thursday, T-Mobile said it was currently notifying customers affected by the breach.
“We understand that an incident like this has an impact on our customers and we regret that this has happened,” T-Mobile said. “We plan to continue to make substantial, multi-year investments to strengthen our cybersecurity program.”
Data base:40 million Americans’ health data is stolen or exposed each year. See if your provider has been breached.
Thursday’s filing noted that T-Mobile may “incur significant expenses” because of the hack. But the company said it did not expect the incident to have a “material effect” on its operations.
History of T-Mobile Violations
The November breach does not mark the first time that T-Mobile customers have had their data stolen.
In July, T-Mobile agreed to pay $350 million to settle a class-action lawsuit after the company disclosed in August 2021 that personal data — including Social Security numbers and driver’s license information — was stolen. More than 76 million US residents were affected.
In the deal, T-Mobile also said it would spend at least $150 million through 2022 and 2023 “for data security and related technology.”
Prior to August 2021, customer information was accessed in breaches disclosed by T-Mobile in January 2021, November 2019, and August 2018.
What is everyone talking about? Sign up for our trending newsletter to receive the latest news of the day
“While these cybersecurity breaches may not be systemic in nature, their frequency of occurrence at T-Mobile is an alarming exception to telecom peers,” Moody’s Investors Service senior analyst Neil Mack said in a statement sent to the Associated Press — noting that the latest breach raises questions about management’s cyber governance and could alienate customers as well as attract scrutiny from regulators.
In Thursday’s filing, T-Mobile noted that it has begun a “substantial multi-year investment” to improve its cybersecurity in 2021.
Contribution: Associated Press.
