Skip to main content

T-Mobile admits to another security breach impacting 37 million accounts

T-Mobile is informing customers of a data breach that saw a “bad actor” obtain “limited types of information” from user accounts. T-Mobile says that it shut down this bad actor’s access to the data within 24 hours, and that system fallbacks in place “prevented the most sensitive types of customer information from being accessed.”

T-Mobile announces another data breach

T-Mobile announced this security breach in an article on its website today. This marks the latest in a string of data breaches that have impacted the company. The biggest of those data breaches occurred in August of 2021 and impacted over 50 million people. In that data breach, personal data, including social security numbers, was accessed by the hacker.

We are currently in the process of informing impacted customers that after a thorough investigation we have determined that a bad actor used a single Application Programming Interface (or API) to obtain limited types of information on their accounts.

As soon as our teams identified the issue, we shut it down within 24 hours. Our systems and policies prevented the most sensitive types of customer information from being accessed, and as a result, customer accounts and finances should not be put at risk directly by this event. There is also no evidence that the bad actor breached or compromised T-Mobile’s network or systems.

Thankfully, at least as of right now, the data breach announced today didn’t include that type of sensitive customer data. The company says that “no information was obtained for impacted customers that would compromise the safety of customer accounts or finances.”

Instead, the “bad actor” obtained some “basic customer information” that it says is already widely available elsewhere:

No passwords, payment card information, social security numbers, government ID numbers or other financial account information were compromised. Some basic customer information (nearly all of which is the type widely available in marketing databases or directories) was obtained, including name, billing address, email, phone number, date of birth, account number, and information such as the number of lines on the account and service plan features.

T-Mobile’s post on its website doesn’t reveal how many customers were impacted by this data breach. In a filing with the US Securities and Exchange Commission, however, the company says that the breach exposed the customer information of 37 million accounts.

This data breach ultimately doesn’t seem nearly as bad as other breaches that have impacted T-Mobile. Nonetheless, it’s not reassuring that the company continues to face these types of security concerns.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Chance Miller Chance Miller

Chance is the editor-in-chief of 9to5Mac, overseeing the entire site’s operations. He also hosts the 9to5Mac Daily and 9to5Mac Happy Hour podcasts.

You can send tips, questions, and typos to chance@9to5mac.com.

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications