37 million customers’ data stolen in the November breach
A “bad actor” stole personal information from about 37 million T-Mobile customers in a November data breach, the company said Thursday.
In a filing with the US Securities and Exchange Commission, T-Mobile said the hack was discovered on January 5. The unidentified hacker (or hackers) obtained data from around November 25 through a simple application programming interface, the company said.
The malicious intruder gained access to a “limited set of customer account data” – including names, addresses, emails, phone numbers and dates of birth.
T-Mobile said that, based on its investigation to date, “customer accounts and finances were not directly compromised by this incident.” No credit card information, passwords, social security numbers, government ID numbers or other financial account information was exposed in the breach, T-Mobile said.
Cuts in the company:Google will lay off 12,000 employees, the latest tech giant to cut thousands of jobs
More:Amazon cancels charity donation program that raised nearly $500 million as layoffs continue
After learning of the breach, T-Mobile said it “immediately began an investigation with external cybersecurity experts” and was “able to track down the source of the malicious activity and stop it” within a day.
“Our investigation is still ongoing, but the malicious activity appears to be fully contained at this time and there is currently no evidence that the bad actor was able to breach or compromise our systems or network,” said T- Mobile in its Thursday. archiving.
The company added that it has notified law enforcement and federal agencies, which were not mentioned in the filing.
Will T-Mobile notify customers affected by the breach?
In a press release Thursday, T-Mobile said it was currently in the process of notifying customers affected by the breach.
“We understand that an incident like this has an impact on our customers and apologize that this happened,” T-Mobile said. “We plan to continue to make significant, multi-year investments to strengthen our cybersecurity program.”
Database:40 million Americans’ health data is stolen or exposed each year. See if your provider has been breached.
Thursday’s filing noted that T-Mobile may “incur significant expenses” because of the hack. But the company said it did not expect the incident to have a “material effect” on its operations.
History of breaches at T-Mobile
November’s breach doesn’t mark the first time T-Mobile customers have had their data stolen.
In July, T-Mobile agreed to pay $350 million to settle a class-action lawsuit after the company disclosed in August 2021 that personal data — including social security numbers and driver’s license information — had been stolen. More than 76 million US residents were affected.
In the settlement, T-Mobile also said it would spend at least $150 million through 2022 and 2023 “for data security and related technology.”
Prior to August 2021, customer information was accessed in breaches that T-Mobile disclosed in January 2021, November 2019, and August 2018.
What is everyone talking about? Sign up for our trending newsletter to get the latest news of the day
“While these cybersecurity breaches may not be systemic in nature, the frequency of occurrence at T-Mobile is an alarming outlier relative to telecom peers,” Moody’s Investors Service senior analyst Neil Mack said in a statement sent to The Associated Press – notes that the latest breach raises questions about management’s cyber governance and could alienate customers, as well as attract scrutiny from regulators.
In Thursday’s filing, T-Mobile noted that it began a “significant multi-year investment” to improve cybersecurity in 2021.
Contributor: Associated Press.
