T-Mobile Hack Impacts 37M Accounts Accessed By ‘Bad Actor’

The wireless giant said on Thursday that it was investigating a data breach that has potentially affected 37 million user accounts.

Wireless giant T-Mobile revealed on Thursday that it was actively investigating a data breach that has potentially affected 37 million user accounts.

The company said it first identified malicious activity on January 5 when it noticed that a “bad actor” obtained data through a single API without authorization. The breach was contained within a day and no sensitive data, such as customer financial information, was compromised, according to T-Mobile in an 8-K filed on Thursday with the U.S. Securities and Exchange Commission.

The Bellevue, Wash.-based carrier did not respond to CRN’s request for comment on the breach and its potential impact on business users prior to publication.

[Related: The 10 Biggest Data Breaches Of 2022]

The breach, which the company believed began on or around November 25, did surface some “basic customer information,” including names, billing addresses, emails and phone numbers, according to T-Mobile. The carrier added that its systems and policies prevented the most sensitive types of customer information from being accessed.

“No information was obtained for impacted customers that would compromise the safety of customer accounts or finances,” T-Mobile said in the filing.

The carrier said that it could incur “significant expenses” related to the breach and pointed to its “substantial, multi-year investment” in cybersecurity, which includes working with external security experts to enhance its capabilities and transform the company’s approach to security.

“We have made substantial progress to date and protecting our customers’ data remains a top priority. We will continue to make substantial investments to strengthen our cybersecurity program,” T-Mobile said.

The investigation, T-Mobile said, is ongoing and there’s currently no evidence that the bad actor was able to breach or compromise any other systems or the network.

T-Mobile has suffered a series of data breaches in recent years. One of the larger incidents happened in August 2021 in which personal data, including Social Security numbers, was accessed by a hacker and impacted over 50 million people.

T-Mobile’s stock fell 2.37 percent in after-hours trading on Thursday.