For the second time in as many years, T-Mobile has been hacked. The carrier suffered a database breach that began last November affecting the personal information of 37 million subscribers, according to a filing with the Securities Exchange Commission last week. The hacker obtained access to limited types of information, including name, billing address, email, phone number, date of birth, and the T-Mobile account number of current postpaid and prepaid accounts.
On January 5, 2023, T-Mobile identified that someone had obtained data on November 25, 2022, through an Application Programming Interface, commenced an investigation and shut down the malicious activity. “As soon as our teams identified the issue, we shut it down within 24 hours,” the carrier said in a statement. “Our systems and policies prevented the most sensitive types of customer information from being accessed, and as a result, customer accounts and finances should not be put at risk directly by this event.”
Concurrently, the carrier is investigating the incident with law enforcement, but it said the attack appears to be contained at this time. “There is currently no evidence that the bad actor was able to breach or compromise our systems or our network,” T-Mobile said.
Mobile World Live reports that T-Mobile agreed to pay $350 million last year to settle a lawsuit related to a data breach in 2021, involving more than 100 million customers.
By J. Sharpe Smith, Inside Towers Technology Editor