New York CNN —
T-Mobile said a “malicious actor” accessed personal data of 37 million current customers in a data breach in November.
In a regulatory filing on Thursday, the company said the hacker stole customer information, including names, billing addresses, email addresses, phone numbers, dates of birth, T-Mobile account numbers, and information describing the type of service they use with the have cellphone service providers. According to T-Mobile, no social security numbers, credit card information, government ID numbers, passwords, PINs, or financial information were exposed in the hack.
Nonetheless, this information can be compiled with other stolen or publicly available information and used by scammers to steal people’s identities or money. T-Mobile said it is working with law enforcement and has begun notifying customers whose information may have been breached.
The wireless carrier didn’t say what it could do to fix the situation. It noted that it could incur “significant costs” because of the hack, although the company said it doesn’t expect the charges to have a material impact on T-Mobile’s bottom line.
After T-Mobile (TMUS) learned of the data breach, the company said it hired an outside cybersecurity team to investigate. T-Mobile (TMUS) was able to discover the source of the vulnerability and stop it a day after the hack was discovered. The company says it is continuing to investigate the breach but believes it is “fully contained.” It also found that T-Mobile’s (TMUS) systems and network did not appear to have been hacked.
“Protecting our customers’ privacy remains our top priority,” T-Mobile said in a statement. “We will continue to make significant investments to strengthen our cybersecurity program.”
The company noted that it began a “significant, multi-year investment” in 2021 to improve its cybersecurity capabilities and protections.