T-Mobile said a “bad actor” accessed the personal data of 37 million current customers in a November data breach.
In a regulatory filing on Thursday, the company said the hacker stole customer data including names, billing addresses, emails, phone numbers, dates of birth, T-Mobile account numbers and information describing the type of of service they have with the wireless carrier. T-Mobile said no social security numbers, credit card information, government identification numbers, passwords, PINs or financial information were exposed in the attack.
However, that information can be compiled with other stolen or publicly available information and used by scammers to steal people’s identities or money. T-Mobile said it is working with law enforcement and has begun notifying customers whose information may have been breached.
The wireless service provider did not indicate what it could do to remedy the situation. He said it could be hard-pressed for “significant expenses” due to the attack, though the company said it doesn’t expect the charges to have a material effect on T-Mobile’s results.
After T-Mobile (TMUS) learned of the data breach, the company said it hired an external cybersecurity team to investigate. T-Mobile (TMUS) was able to discover the source of the breach and stop it one day after the attack was discovered. The company says it is continuing to investigate the breach, but believes it is “fully contained.” He also noted that T-Mobile’s (TMUS) systems and network do not appear to have been hacked.
“The protection of our customers’ data remains a top priority,” T-Mobile said in a statement. “We will continue to make substantial investments to strengthen our cybersecurity program.”
The company noted that it began a “substantial multi-year investment” in 2021 to improve its cybersecurity capabilities and protections.