T-Mobile announced on Thursday that its network experienced a data breach affecting approximately 37 million current postpaid and prepaid customer accounts.
NurPhoto | Getty Images
According to the SEC filing, the breach occurred on November 25, 2022, but was not identified until January 5, 2023.
“Our investigation is still ongoing, but the malicious activity appears to be fully contained at this time, and there is currently no evidence that the bad actor was able to breach or compromise our systems or our network,” the company said.
The stolen data includes names, addresses, emails, phone numbers, date of birth, T-Mobile account numbers, and the number of lines on the account and plan features. However, the company wrote that many of the affected accounts did not contain the full data set.
Related: T-Mobile Says Data on Over 48 Million People Stolen by Hackers
“We have notified certain federal agencies about the incident, and we are concurrently working with law enforcement,” T-Mobile stated. “Additionally, we have begun notifying customers whose information may have been obtained by the bad actor in accordance with applicable state and federal requirements.”
T-Mobile has experienced eight reported data breaches since 2018. The most recent incident was in April 2022, when hacking group Lapsus$ gained access to the company’s employee’s accounts, allowing them to reassign a phone number to a device under their control, TechCrunch reported at the time. The hackers collected data on 7.8 million users.
Related: The How-To: Protect Your Business From A Data Breach