Wireless carrier T-Mobile discovered a network breach on Jan. 5 that resulted in data being stolen from over 37 million customers. After their investigation concluded, T-Mobile announced that no passwords, payment card information, social security numbers, government ID numbers, or other financial account information was compromised.
“Our investigation is still ongoing, but the malicious activity appears to be fully contained at this time,” T-Mobile said in a statement.
The hacker reportedly used a single Application Programming Interface (API) in order to obtain limited information about T-Mobile users. The potentially leaked information includes name, billing address, email address, phone number, date of birth, account number, and information about the number of lines on an account and service plan features.
T-Mobile shut down the threat within 24 hours after it was identified. The largest wireless carrier in the US also said it blocked hackers from stealing more serious customer information.
“Our systems and policies prevented the most sensitive types of customer information from being accessed,” the statement said. “And as a result, customer accounts and finances should not be put at risk directly by this event. There is also no evidence that the bad actor breached or compromised T-Mobile’s network or systems.”
Even though there’s also no evidence to suggest that the hacker breached T-Mobile’s system or network, T-Mobile alerted customers for transparency.
This was not the first data breach T-Mobile has suffered. T-Mobile also faced breaches in 2021, 2018, and 2019. The 2021 breach resulted in T-Mobile paying out over $350 million to customers who filed a class-action suit after personal information like social security numbers were stolen in the attack. It was reported that the breach affected 80 million customers.
“We understand that an incident like this has an impact on our customers and regret that this occurred,” T-Mobile said. “While we, like any other company, are unfortunately not immune to this type of criminal activity, we plan to continue to make substantial, multi-year investments in strengthening our cybersecurity program.”