Some 37 million T-Mobile customers had their personal information stolen after an “unidentified malicious intruder” hacked the wireless giant’s network — its second major security strand in just two years.
The company told the Security and Exchange Commission that the security breach was discovered Jan. 5, and said the stolen data included customer addresses, phone numbers and dates of birth.
Based on the investigation to date, no passwords, PINs, bank account or credit card details, social security numbers, or other government IDs were disclosed in the breach.
The company said it notified law enforcement and federal agencies, saying the data was first accessed on or about November 25.
In July, the company was ordered to pay $350 million after customers filed a class action lawsuit following a separate data breach related to Social Security numbers and driver’s license information.
T-Mobile has announced that the addresses, phone numbers and dates of birth of 37 million customers have been collected by an “unidentified malicious intruder” in yet another breach against the US wireless carrier
“Our investigation is ongoing, but malicious activity appears to be fully contained at this time and there is currently no evidence that the attacker was able to breach or compromise our systems or network,” the company said added that it had started notifying affected customers.
‘We understand that an incident like this has an impact on our customers and we regret that this has happened.’
The U.S. Federal Communications Commission (FCC) has also opened an investigation into the company’s data breach incident, the Wall Street Journal reported Thursday, citing an FCC spokesman.
The company’s shares fell 2 percent in after-hours trading.
T-Mobile previously announced it would spend $150 million through 2023 to strengthen its data security and other technologies after nearly 80 million US citizens were affected by the security breach in August.
In Thursday’s filing, T-Mobile said it had “made significant progress to date” on these upgrades. It also acknowledged it could incur “significant costs” from the latest breach.
The company told the Security and Exchange Commission that the breach was discovered on Jan. 5, and said the data subject to the theft did not include any passwords or PINs, bank account or credit card details, social security numbers, or other government ID based on its investigations to date
Prior to August 2021, the company disclosed violations in January 2021, November 2019 and August 2018 that involved accessing customer information.
Headquartered in Bellevue, Washington, T-Mobile became one of the country’s largest wireless service providers in 2020 after buying rival Sprint that same year. It said it had more than 102 million customers after the merger.
Data breaches are a major concern for major corporations in the US, with ransomware attacks on hospitals and other businesses storing highly sensitive information increasing in recent years.
Following the 2021 attack on T-Mobile, the Biden administration said protecting the country from cyberattacks was its “top priority.”
“All organizations must recognize that no organization is safe from ransomware, regardless of size or location,” Anne Neuberger, deputy national security adviser for cyber and emerging technologies, said in an open letter to the private sector on June 2, 2021.
“Ransomware attacks have disrupted organizations around the world, from hospitals in Ireland, Germany and France to pipelines in the United States and banks in the UK. The threats are serious and increasing.”
Colonial, the country’s largest fuel pipeline, paid Darkside $4.4 million after a ransomware attack in May. Above: Fuel tanks at the Colonial Pipeline station in Washington, DC
On May 13, 2021, vehicles waited in lines at a Costco in Raleigh, North Carolina. Motorists in the South continued to experience fuel economy issues even after the Colonial Pipeline resumed operations
In May 2021, the 5,500-mile Colonial Pipeline was disrupted by a ransomware attack.
The pipeline runs from Houston, Texas through the southeastern United States and carries about 45 percent of the fuel consumed on the east coast.
The pipeline paid a ransom of $4.4 million in bitcoin to the criminal hacking group Darkside.
The Justice Department eventually recovered $2.3 million, or 63.7 bitcoin, from the group, according to CNN.
Also this month, Irish hospitals were reduced to pen and paper after ransomware group Conti took hold of the country’s healthcare system, demanding $20 million, according to the BBC.
The group eventually granted free access to the hospitals’ systems, but threatened to “sell or release a lot of private data” if they didn’t get the money.