T-Mobile Confirms Data Breach Of 37 Mln US Customer Accounts

tmobile jan20 lt

T-Mobile US, Inc. in a regulatory filing confirmed that it has suffered a cyber attack, in which data for approximately 37 million current postpaid and prepaid customer accounts were stolen.

According to the company, there is currently no evidence of breach or compromise to its systems or network.

The telecom major is in the process of informing impacted customers that a bad actor used a single Application Programming Interface or API to obtain limited types of information on their accounts.

In a filing with the U.S. Securities and Exchange Commission, T-Mobile said the impacted API was able to provide some basic customer information, including name, billing address, email, phone number, date of birth, T-Mobile account number and information regarding the number of lines on the account and plan features.

However, no passwords, payment card information, social security numbers, government ID numbers or other financial account information were compromised.

T-Mobile said that on January 5, it identified that a bad actor was obtaining data through a single API without authorization.

The company, through an investigation with external cybersecurity experts, were able to trace the source of the malicious activity and stop it within 24 hours. The investigation is still ongoing, but the malicious activity appears to be fully contained at this time.

It is now believed that the bad actor first retrieved data through the impacted API starting on or around November 25, 2022.

T-Mobile said it has notified certain federal agencies about the incident, and are concurrently working with law enforcement. The company at present does not expect that the incident will have a material effect on its operations.

The company said, "We understand that an incident like this has an impact on our customers and regret that this occurred. While we, like any other company, are unfortunately not immune to this type of criminal activity, we plan to continue to make substantial, multi-year investments in strengthening our cybersecurity program."

For comments and feedback contact: editorial@rttnews.com

Business News

Editors Pick
Ride-hailing and delivery platform Uber Technologies, Inc. reported Wednesday weak profit in its fourth quarter, while adjusted EBITDA surged from last year with strong revenue growth above market view. Gross bookings increased and the company projects higher gross bookings in the first quarter. Nelson Chai, CFO, said the company significantly exceeded profitability outlook in 2022, ... Societe Generale Group reported Wednesday a weak profit in its fourth quarter, despite higher net banking income. Further, the French Financial services major proposed a dividend and around 440 million euros share buyback program. The company also confirmed fiscal 2025 financial targets. City of Industry, California-based Titans Global Inc. is recalling certain JSJ branded cakes citing potential to contain undeclared eggs, a known allergen, the U.S. Food and Drug Administration said. The recall involves its 95g packages of JSJ Chocolate Cake, JSJ ZSR Cake, and JSJ DMC Leaf Cake food treats.
Follow RTT