News

T-Mobile breached by hackers as 37 million customers impacted

0:13

Hackers steal personal info on 37 million T-Mobile customers

Alastair Pike/AFP via Getty Images

January 20, 2023, 9:57 AM

T-Mobile says they discovered a "bad actor" was taking information through a single application, according to an SEC filing by the company this week.

"The preliminary result from our investigation indicates that the bad actor(s) obtained data from this API for approximately 37 million current postpaid and prepaid customer accounts, though many of these accounts did not include the full data set," the SEC filing dated Jan. 19 says.

Related Articles

MORE: T-Mobile says cyberattack impacted more customer data than initially thought

The wireless giant is facing the second major breach in as many years. They said the activity started on Nov. 25 and they notified the proper agencies when they discovered the hack on Jan. 5, 2023.

"We are continuing to diligently investigate the unauthorized activity," T-Mobile said. "In addition, we have notified certain federal agencies about the incident, and we are concurrently working with law enforcement. Additionally, we have begun notifying customers whose information may have been obtained by the bad actor in accordance with applicable state and federal requirements."

(FILES) In this file photo taken on July 26, 2019 The T-Mobile logo is seen outside a shop in Washington, DC. - US telecom company T-Mobile announced January 19, 2023 that a recent hack impacted 37 million of its customers' data. In a filing with the US Securities and Exchange Commission (SEC), the company said it realized on January 5 that a "bad actor" had managed to infiltrate its computer system and was siphoning off information without authorization

Alastair Pike/AFP via Getty Images

The company said they were able to trace the identity of the activity and stop it.

The Cybersecurity and Infrastructure Security Agency (CISA) has previously warned of major hacks occurring on or around holidays -- and it would appear this started around Thanksgiving.

The company says the most sensitive customer data wasn't taken but some personal information was.

Related Articles

MORE: Why ransomware cyberattacks are on the rise

"The API abused by the bad actor does not provide access to any customer payment card information (PCI), social security numbers/tax IDs, driver’s license or other government ID numbers, passwords/PINs or other financial account information, so none of this information was exposed. Rather, the impacted API is only able to provide a limited set of customer account data, including name, billing address, email, phone number, date of birth, T-Mobile account number and information such as the number of lines on the account and plan features."

After the first hack, the company says they went through extensive cybersecurity measures.

Up Next in News—

Residents fight to keep AI data center campus away from Nashville Zoo

Mom says her 10-year-old daughter saved family from house fire

Man sues law enforcement alleging AI facial recognition technology led to wrongful arrest

What current, future retirees should know about potential Social Security shortfall

Shop GMA Favorites

ABC will receive a commission for purchases made through these links.

Sponsored Content by Taboola