T-Mobile US Inc. said a hacker obtained data for 37 million customer accounts, though it didn’t include payment information, passwords or other sensitive personal data.
(Bloomberg) — T-Mobile US Inc. said a hacker obtained data for 37 million customer accounts, though it didn’t include payment information, passwords or other sensitive personal data.
The wireless provider said in a federal filing it discovered the hack on Jan. 5 and was able to trace the source and stop it within a day.
The investigation is still ongoing, the company said, but the culprit appeared to obtain the information through a single entry point serving customer data, and doesn’t appear to have breached the company’s systems or network.
The data stolen includes the names, addresses, emails and phone numbers of customers, along with their account numbers and plan details, the company said, adding that credit cards, passwords and Social Security numbers were not accessed. Even without these sensitive data, hackers may still be able to target individual customers for theft, or breach other accounts.
All of the information stolen “is the type widely available in marketing databases or directories,” T-Mobile said in a statement to customers.
“Based on our investigation to date, customer accounts and finances were not put at risk directly by this event,” T-Mobile said in the filing with the US Securities and Exchange Commission.
The company said it alerted law enforcement and has begun notifying customers whose information may have been accessed.
A T-Mobile representative declined to comment beyond what was written in the filing.
The company has faced multiple data breaches in the last few years. In 2021, a hacker stole the personal information, including Social Security numbers and driver’s license information, of more than 13 million active and 40 million prospective T-Mobile customers. The company settled a class-action suit related to that breach for $500 million last year. T-Mobile disclosed breaches in previous years, including 2020.
“Unfortunately, we do see victims get revictimized,” said Jackie Burns Koven, head of cyber threat intelligence at Chainalysis Inc., in a Bloomberg Television interview. “This is not the first data breach that has affected T-Mobile.”
There may be “significant expenses” incurred in connection with this most recent incident, the company said in its filing. It doesn’t expect at this time that it will have a material effect on its operations.
Shares slipped as much as 2% in extended trading.
–With assistance from Scott Moritz and Ed Ludlow.
(Added details from hack from fourth paragraph)
More stories like this are available on bloomberg.com
©2023 Bloomberg L.P.