T-Mobile USA stated on Thursday that a recent attack affected the data of 37 million of its customers. In a filing with the US Securities and Exchange Commission (SEC), the company stated that on January 5, it discovered that a “bad actor” had infiltrated its computer system and was siphoning out data without authorization.
The company said that after identifying the source of the breach, it was rectified within 24 hours and that it believes the remainder of its systems were not compromised.
Later, the organization discovered that the attack most likely began around November 25. T-Mobile users’ names, addresses, emails, phone numbers, dates of birth, and account numbers were among the information stolen. According to the corporation, it does not include bank or social security card numbers, tax information, or passwords.
“Customer accounts and finances were not put at risk directly by this event,” the Deutsche Telekom-owned company said.
Customers who have been affected will be notified, and an internal investigation is still ongoing, according to the company.
“We may incur significant expenses in connection with this incident,” T-Mobile said.
The new theft follows another incident in 2021 that compromised the data of 76.6 million US residents.
Last August, the business agreed to pay $350 million to settle class-action lawsuits and spend $150 million on data protection and cybersecurity in 2022 and 2023. Before the August 2021 incursion, the corporation acknowledged breaches in which customer information was obtained in January 2021, November 2019, and August 2018.
T-Mobile, established in Bellevue, Washington, acquired rival Sprint in 2020 and became one of the country’s top cellphone service carriers. Following the merger, it reported having more than 102 million customers. (mypatraining.com)