Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

T-Mobile announces data breach affecting 37m customers

Telco T-Mobile has revealed via a financial filing that a hacker has accessed the personal data of around 37 million customers.

user icon David Hollingworth
Fri, 20 Jan 2023
T-Mobile announces data breach affecting 37m customers
expand image

The company does not supply a hard figure of the individuals affected, nor has it yet made any other announcement regarding the breach.

The SEC report says that the incident occurred on 25 November last year, when a hacker gained access to an internal network via a vulnerable API. No credit card data was accessed, nor social security numbers or other government ID numbers. What was breached, however, were names and addresses, dates of birth, emails, phone numbers, and T-Mobile account details.

The company says it acted fast, and within 24 hours, the actor had been shut out of the system with the assistance of an external security company.

============
============

“Our investigation is still ongoing, but the malicious activity appears to be fully contained at this time, and there is currently no evidence that the bad actor was able to breach or compromise our systems or our network,” T-Mobile said in the filing, which was dated 19 January.

The company is now working with federal agencies and law enforcement on the matter and has begun contacting affected customers of the breach. T-Mobile also notes that the breach is likely to affect the company’s bottom line.

“We may incur significant expenses in connection with this incident,” the report notes.

Based on the company’s last data breach, this may be an understatement. T-Mobile paid out $350 million in July 2022 to settle a lawsuit that sprang from a breach in 2021 that saw 100 million customers affected. In that case, social security numbers and driver’s license details ended up for sale online.

The company was also ordered to spend $150 million on improving its “data security and related technology” at the time, a process, which the most recent filing notes, is continuing to be worked on.

We can only hope that work actually improves, for the sake of T-Mobile’s customers and investors.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.