T-Mobile experienced a second breach in security in less than 18 months. The carrier revealed that a hacker stole data, including names, birth dates, and phone numbers, from 37 million customer accounts.
The “bad actor” was initially found to obtain data on January 5, and the carrier plugged the hole with help from outside cybersecurity experts by the next day.
According to the telecom, there was no evidence its security systems were compromised, and the mechanism the hacker used did not reveal more sensitive data like social security numbers, government identification numbers, passwords, or payment card info.
The exposed information included names, billing and email addresses, phone numbers, birth dates, T-Mobile account numbers and information on plans and subscriptions. However, not all accounts had the full list of data leaked. The carrier is in the process of informing affected parties in accordance with state and federal requirements.
Just a year and a half ago, in August 2021, data from nearly 77 million T-Mobile accounts leaked, and back then, it included SSN and driver IDs. Following a lawsuit, the company was ordered to pay $350 million to settle customer claims and to invest $150 million more in enhancing its cybersecurity practices and technologies. In the latest filing, T-Mobile revealed it “made substantial progress to date” on those upgrades.