Customer data from 37 million T-Mobile accounts was stolen late last year, the company disclosed Jan. 19.
While no Social Security numbers or financial account information was taken, customer names, account numbers, billing addresses, birth dates, emails, phone numbers and information such as the number of accounts and service plan features were stolen, according to the company, among the three largest U.S. wireless carriers. The breach potentially affects roughly a third of T-Mobile’s customer base.
In a filing with the federal Securities and Exchange Commission, T-Mobile wrote that it “promptly commenced an investigation with external cybersecurity experts, and within a day of learning of the malicious activity, we were able to trace the source ... and stop it.” The company said it believes the hacker first accessed the data trove on or around Nov. 25.
“The malicious activity appears to be fully contained at this time, and there is currently no evidence that the bad actor was able to breach or compromise our systems or our network,” said T-Mobile, adding that its investigation is continuing.
But while T-Mobile is not the only company, cellular or otherwise, to experience massive data spills in recent years, this latest rupture was its second major security leak in less than 24 months. In August 2021, T-Mobile revealed that hackers stole personal data on more than 40 million U.S. customers, a figure subsequently revised upward to nearly 77 million.
Why a data breach matters
Information powers the fraud industry. Without names, credit card info, email addresses, passwords, Social Security numbers or other personal data, a scammer cannot reach you or pretend to be you.