T-Mobile acknowledged on Thursday that it suffered another data breach of its network in late November, and information on 37 million customers, including addresses, phone numbers and dates of birth was stolen.
In a filing before the U.S. Securities and Exchange Commission (SEC), T-Mobile said the breach was discovered on Jan. 5. It said the data — based on its investigation to date — did not include passwords or PINs, bank account or credit card information, Social Security numbers or other government IDs. However, that information can be compiled with the information that was reported stolen.
T-Mobil discovered the source of the breach and stopped it a day after the hack was uncovered. The company notified law enforcement and federal agencies upon discovering the attack, and it has hired an external cybersecurity team to investigate, and that probe continues.
“Protecting our customers’ data remains a top priority,” T-Mobile said in a statement. “We will continue to make substantial investments to strengthen our cybersecurity program. … Our investigation is still ongoing, but the malicious activity appears to be fully contained at this time.”
The company noted that it began a “substantial, multi-year investment” in 2021 to improve its cybersecurity capabilities and protections.
This is not the first time T-Mobile has been hacked. It has been targeted multiple times in recent years. In its filing, T-Mobile said it did not expect the latest breach to have a material impact on its operations.
Last July, T-Mobile agreed to pay $350 million to customers who filed a class action lawsuit after the company disclosed in August 2021 that personal data including Social Security numbers and driver’s license info had been stolen. Nearly 80 million U.S. residents were affected.
Prior to the August 2021 intrusion, the company disclosed breaches in January 2021, November 2019 and August 2018.
The wireless carrier didn’t indicate what it might do to remedy the situation. It noted it could be on the hook for “significant expenses” because of the hack, although the company said it doesn’t expect the charges will have a material effect on its bottom line.
