T-Mobile Confirms Data Breach Of 37 Mln US Customer Accounts

tmobile jan20 lt

T-Mobile US, Inc. in a regulatory filing confirmed that it has suffered a cyber attack, in which data for approximately 37 million current postpaid and prepaid customer accounts were stolen.

According to the company, there is currently no evidence of breach or compromise to its systems or network.

The telecom major is in the process of informing impacted customers that a bad actor used a single Application Programming Interface or API to obtain limited types of information on their accounts.

In a filing with the U.S. Securities and Exchange Commission, T-Mobile said the impacted API was able to provide some basic customer information, including name, billing address, email, phone number, date of birth, T-Mobile account number and information regarding the number of lines on the account and plan features.

However, no passwords, payment card information, social security numbers, government ID numbers or other financial account information were compromised.

T-Mobile said that on January 5, it identified that a bad actor was obtaining data through a single API without authorization.

The company, through an investigation with external cybersecurity experts, were able to trace the source of the malicious activity and stop it within 24 hours. The investigation is still ongoing, but the malicious activity appears to be fully contained at this time.

It is now believed that the bad actor first retrieved data through the impacted API starting on or around November 25, 2022.

T-Mobile said it has notified certain federal agencies about the incident, and are concurrently working with law enforcement. The company at present does not expect that the incident will have a material effect on its operations.

The company said, "We understand that an incident like this has an impact on our customers and regret that this occurred. While we, like any other company, are unfortunately not immune to this type of criminal activity, we plan to continue to make substantial, multi-year investments in strengthening our cybersecurity program."

For comments and feedback contact: editorial@rttnews.com

Business News

Editors Pick
Ford Motor Co. has once again raised the price of its popular F-150 Lightning electric pickup truck after the automaker resumed its production that was halted following electric vehicle battery fire incident. The company will also resume shipments of the Lightning this week, reports said. Paducah, Kentucky-based Higdon Outdoors LLC is recalling certain battery packs and replacement batteries citing fire and/or burn hazards, the U.S. Consumer Product Safety Commission said. The recall includes lithium-ion battery packs and replacement batteries on XS Series Pulsators, Swimmers, Crazy Kicker, and Flasher motion decoys used for waterfowl hunting. New York-based Delta Enterprise Corp. is recalling about 43,380 units of 2-in-1 outdoor kids swings citing fall hazard, the U.S. Consumer Product Safety Commission said. This recall involves 2-in-1 Outdoor Kids Swing with model numbers SW86508MM, SW86516MN, SW86575MM, SW86576MN and SW86577PW.
Follow RTT