T-Mobile Says Hacker Got Data From 37 Million Customer Accounts

T-Mobile said on Thursday that a hacker had collected data, including names, birth dates and phone numbers, from 37 million customer accounts, the company’s second major breachIn less than two years.

In a securities filing, T-Mobile said it first discovered that a “bad actor” was obtaining the data on Jan. 5. T-Mobile said the leak was stopped by cybersecurity experts and it did so the next day.

According to the company, there is no evidence of a breach in its network or systems. The hacker’s exploit did not allow access to sensitive information like Social Security numbers or government identification numbers.

“We understand that an incident like this has an impact on our customers and regret that this occurred,” T-Mobile said in a statement.

Names, billing addresses, email addresses, phone numbers as well as birth dates and T-Mobile account numbers were exposed. Other information included information like account lines and plan features. Many accounts didn’t contain all the data. According to federal and state requirements, the company has begun to notify affected customers.

T-Mobile stated that it was still investigating the incident and had notified federal authorities. According to T-Mobile, the hacker was first able to retrieve data via an application programming interface (a bit of code that allows software and other software to communicate).

A cyberattack in 2021 exposed data from nearly 77 million T-Mobile customer accounts, including names, Social Security numbers and driver’s license information. The company settled customer claims with $350 million and spent $150 million on cybersecurity improvements and technologies.

In Thursday’s filing, T-Mobile said it had “made substantial progress to date” on those upgrades. It also acknowledged that it could face “significant expenses” from the latest breach.