T-Mobile confirms data breach of 37 million customer accounts

T-Mobile U.S. confirmed in a regulatory filing that it has suffered a cyber attack, in which data for approximately 37 million current postpaid and prepaid customer accounts were stolen.
According to the company, there is currently no evidence of breach or compromise to its systems or network.
The telecom major is in the process of informing impacted customers that a bad actor used a single Application Programming Interface (API) to obtain limited types of information on their accounts.
In a filing with the U.S. Securities and Exchange Commission, T-Mobile said the impacted API was able to provide some basic customer information, including name, billing address, email, phone number, date of birth, T-Mobile account number and information regarding the number of lines on the account and plan features.
However, no passwords, payment card information, social security numbers, government ID numbers or other financial account information were compromised.
T-Mobile said that on January 5, it identified that a bad actor was obtaining data through a single API without authorization.
The company, through an investigation with external cybersecurity experts, were able to trace the source of the malicious activity and stop it within 24 hours.
The investigation is still ongoing, but the malicious activity appears to be fully contained at this time.
It is now believed that the bad actor first retrieved data through the impacted API starting on or around November 25, 2022.
T-Mobile said it has notified certain federal agencies about the incident, and are concurrently working with law enforcement.
The company at present does not expect that the incident will have a material effect on its operations.
The company said, "We understand that an incident like this has an impact on our customers and regret that this occurred. While we, like any other company, are unfortunately not immune to this type of criminal activity, we plan to continue to make substantial, multi-year investments in strengthening our cybersecurity program."






X
Sitelerimizde reklam ve pazarlama faaliyetlerinin yürütülmesi amaçları ile çerezler kullanılmaktadır.

Bu çerezler, kullanıcıların tarayıcı ve cihazlarını tanımlayarak çalışır.

İnternet sitemizin düzgün çalışması, kişiselleştirilmiş reklam deneyimi, internet sitemizi optimize edebilmemiz, ziyaret tercihlerinizi hatırlayabilmemiz için veri politikasındaki amaçlarla sınırlı ve mevzuata uygun şekilde çerez konumlandırmaktayız.

Bu çerezlere izin vermeniz halinde sizlere özel kişiselleştirilmiş reklamlar sunabilir, sayfalarımızda sizlere daha iyi reklam deneyimi yaşatabiliriz. Bunu yaparken amacımızın size daha iyi reklam bir deneyimi sunmak olduğunu ve sizlere en iyi içerikleri sunabilmek adına elimizden gelen çabayı gösterdiğimizi ve bu noktada, reklamların maliyetlerimizi karşılamak noktasında tek gelir kalemimiz olduğunu sizlere hatırlatmak isteriz.