T-Mobile Confirms Data Breach Of 37 Mln US Customer Accounts
T-Mobile US, Inc., in a regulatory filing, confirmed it suffered a cyberattack in which the data of approximately 37 million current postpaid and prepaid customer accounts was stolen.
According to the company, there is currently no evidence of any breach or compromise of its systems or network.
The telecommunications major is in the process of notifying affected customers that a malicious actor used a single application programming interface or API to obtain limited types of information about their accounts.
In a filing with the U.S. Securities and Exchange Commission, T-Mobile said the affected API was able to provide certain basic customer information, including name, billing address, email address, phone number, date of birth, T-Mobile account number, and information regarding the number of lines on the account and plan features.
However, no passwords, payment card information, social security numbers, government identification numbers, or other financial account information were compromised.
T-Mobile said that on Jan. 5 it identified a bad actor obtaining data through a single API without permission.
The company, through an investigation by external cybersecurity experts, was able to trace the source of the malicious activity and shut it down within 24 hours. The investigation is still ongoing, but the malicious activity appears to be fully contained at this time.
The bad actor is now believed to have first retrieved the data via the affected API on or about November 25, 2022.
T-Mobile said it notified certain federal agencies of the incident and is simultaneously working with law enforcement. The company does not currently expect the incident to have a material effect on its business.
The company said: “We understand that an incident like this has an impact on our customers and regret that it has happened. Although we, like any other business, are unfortunately not immune to this type of criminal activity, we plan to continue to make multi-year investments in strengthening our cybersecurity program.”