T-Mobile has admitted another major data breach allowed hackers to steal the information of around 37 million postpaid and prepaid customers. The airline said in a regulatory filing that it discovered the problem on Jan. 5, but believes the bad actors have been taking data from the company since Nov. 25. In a post announcing the breach, T-Mobile revealed that the hackers used an API to steal customer information.
While the company was able to contain the issue 24 hours after detecting the malicious activity, the attackers had access to its data long enough to steal people’s names, billing addresses, emails, phone numbers, and birthdays. They were also able to get users’ account numbers and information about their plans, such as: B. the number of lines they have. However, T-Mobile said it found no evidence that its network or systems had been breached or compromised. “No passwords, payment card information, social security numbers, government ID numbers, or other financial account information” were stolen, the company said.
The airline is still investigating the incident to get a more detailed view of what happened, but has already warned investors that it would likely incur significant costs as a result of the incident. After The Wall Street JournalThe Federal Communications Commission has also launched an investigation into T-Mobile because, according to a spokesperson for the publication, “this incident is the latest in a string of data breaches at the company.”
If you recall, in August 2021 the airline confirmed that tens of millions of customers were affected by a data breach that exposed their sensitive information, including their social security numbers and driver’s licenses. T-Mobile CEO Mike Sievert said at the time the hacker used “specialized” tools and knowledge of its infrastructure to gain access to its test environment. While the initial number of customers affected by this breach was approximately 30 million, it eventually grew to 76.6 million customers.
Nearly a year later, the airline agreed to pay $350 million to settle a class action lawsuit and pledged to spend $150 million to upgrade its data security technologies. When The New York Times The company has reportedly “made significant progress so far” with these updates, but it clearly wasn’t enough to prevent this incident. However, in its announcement, T-Mobile pledged to continue making “significant, multi-year investments in strengthening.” [its] cybersecurity program.”
All products recommended by Engadget are selected by our editorial team independently from our parent company. Some of our stories contain affiliate links. If you buy something through one of these links, we may receive an affiliate commission. All prices are correct at time of publication.