T-Mobile has admitted that hackers were able to steal the information of about 37 million postpaid and prepaid customers in another major data breach. The operator said in a regulatory filing that he discovered the problem on January 5, but that he believes the bad guys had been taking data from the company since November 25. In a post announcing the breach, T-Mobile revealed that the hackers used an API to steal customer information.
Although the company was able to contain the problem within 24 hours of discovering the malicious activity, the criminals had access to their data long enough to steal people’s names, billing addresses, emails, phone numbers, and email addresses. birthday. They were also able to obtain users’ account numbers and information about their plans, such as the number of lines they have. However, T-Mobile said it found no evidence that its network or systems were breached or compromised. “No passwords, payment card information, social security numbers, government identification numbers or other financial account information were stolen,” the company said.
The airline is still investigating the incident to get a more detailed look at what happened, but has already warned investors that it will likely incur significant costs due to the incident. According to The Wall Street JournalThe Federal Communications Commission has also opened an investigation into T-Mobile, because as a spokesperson told the publication, “this incident is the latest in a series of data breaches at the company.”
If you recall, the carrier confirmed in August 2021 that tens of millions of customers were affected by a data breach that exposed their sensitive information, including their social security numbers and driver’s licenses. T-Mobile CEO Mike Sievert said at the time that the hacker used “specialized” tools and knowledge of his infrastructure to gain access to his test environment. While the initial number of customers affected by that breach was around 30 million, it eventually ballooned to 76.6 million customers.
Nearly a year later, the carrier agreed to pay $350 million to settle a consolidated class action lawsuit and committed to spend $150 million to upgrade its data security technologies. What The New York Times The company reportedly said it has “made substantial progress to date” on those updates, but it clearly wasn’t enough to prevent this incident. However, in its announcement, T-Mobile pledged to continue to make “substantial multi-year investments to strengthen [its] cybersecurity program.
All Engadget Recommended products are curated by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you purchase something through one of these links, we may earn an affiliate commission. All prices are correct at the time of publication.