T-Mobile said on Thursday that a hacker had collected data, including names, birth dates and phone numbers, from 37 million customer accounts, the corporate’s second major breach in lower than two years.
In a securities filing, T-Mobile said it first discovered that a “bad actor” was obtaining the information on Jan. 5. With help from outside cybersecurity experts, the mobile service provider stopped the leak the following day, it said.
The corporate said there was no evidence that its systems or network had been compromised, adding that the mechanism the hacker exploited didn’t provide access to more sensitive information similar to Social Security numbers, government identification numbers, or passwords or payment card information.
“We understand that an incident like this has an impact on our customers and regret that this occurred,” T-Mobile said in an announcement.
The exposed information included names, billing and email addresses, phone numbers, birth dates, T-Mobile account numbers, and data similar to the lines on an account and plan features. Lots of the accounts didn’t include all of that data. The corporate said it has began to notify among the affected customers in accordance with state and federal requirements.
T-Mobile said it was continuing to research the exposure and had notified the federal authorities. The corporate said it believed that the hacker first began retrieving data on Nov. 25 through an application programming interface, a typical little bit of code that permits software to speak with other software.
A cyberattack in 2021 exposed data from nearly 77 million T-Mobile customer accounts, including names, Social Security numbers and driver’s license information. Because of this, the corporate agreed each to pay $350 million to settle customer claims and to spend $150 million to reinforce its cybersecurity practices and technologies.
In Thursday’s filing, T-Mobile said it had “made substantial progress to this point” on those upgrades. It also acknowledged that it could face “significant expenses” from the most recent breach.