The largest US telecom operator T-Mobile said in a regulatory filing that an unknown malicious intruder breached its network in late November and stole data on 37 million customers.
“On January 5, 2023, T-Mobile identified that a bad actor was obtaining data through a single application programming interface (“API”) without authorization, the US wireless carrier said in the filing. Immediately launched an investigation with experts. And within a day of learning about the malicious activity, we were able to locate and block the source of the malicious activity.”
It said the investigation is still ongoing, but the malicious activity has been fully contained at this time.
The hacked information includes T-Mobile customers’ names, addresses, emails, phone numbers, dates of birth and account numbers, according to the company.
The company further assured that customer payment card information (PCI), social security numbers/tax IDs, driver’s license or other government ID numbers, passwords/PINs or other financial account information were not compromised.
T-Mobile said in a filing with the US Securities and Exchange Commission that the breach was discovered on Jan.
According to Reuters, the company has been hacked several times in recent years.
In its filing, T-Mobile said it did not expect the latest breach to have any impact on its operations. But Neil Mack, a senior analyst at Moody’s Investors Service, said in a statement that the breach raises questions about the management’s cyber governance and could alienate customers and attract scrutiny by the Federal Communications Commission and other regulators.
“Although these cybersecurity breaches may not be systemic in nature, their frequency of occurrence at T-Mobile relative to telecom peers is alarming,” Mack said.
In July, T-Mobile agreed to pay $350 million to customers who filed a class action lawsuit in August 2021 after the company disclosed personal data including Social Security numbers and driver’s license information was stolen. did. About 80 million US residents were affected.
It also said at the time that it would spend $150 million through 2023 to strengthen its data security and other technologies.
Prior to the August 2021 intrusion, the company disclosed breaches in January 2021, November 2019 and August 2018 that accessed customer information.
T-Mobile, based in Bellevue, Washington, became one of the nation’s largest cellphone service carriers in 2020 after purchasing rival Sprint. It is reported to have over 102 million customers after the merger.
(with inputs from Reuters)
catch all business News, market news, breaking news events and breaking news Update on Live Mint. download mint news app To get daily market updates.