BOSTON — T-Mobile announced on Thursday that an unnamed malicious intruder infiltrated its network in late November and took the addresses, phone numbers, and birth dates of 37 million customers.
In a complaint with the U.S. Securities and Exchange Commission, T-Mobile said that the breach was detected on January 5. According to its inquiry to date, the stolen data did not include passwords or PINs, bank account or credit card information, Social Security numbers or other official IDs.
“Our investigation is still ongoing, but the malicious activity appears to be fully contained at this time,” T-Mobile stated, adding that there is no indication the intruder was able to enter the company’s network. The data was initially obtained on or around November 25.
T-Mobile stated that it alerted unnamed law enforcement and federal entities. It did not react promptly to an email requesting comment.
T-Mobile, a U.S. telecommunications carrier, issued a statement claiming that “without any evidence, the intruder was able to breach the company’s network.”
In recent years, the company has been hacked many times. T-Mobile stated in its filing that it did not anticipate the current incident to have a meaningful impact on its business. Neil Mack, a senior analyst at Moody’s Investors Service, said in a statement that the intrusion raises doubts about the management’s cyber governance and might alienate customers and attract the attention of the Federal Communications Commission and other regulators.
“While these cybersecurity breaches may not be systemic in nature, the frequency with which they occur at T-Mobile is alarming in comparison to other telecommunications companies,” Mack added.
T-Mobile agreed in July to pay $350 million to customers who launched a class action lawsuit after the company reported in August 2021 that personal information, including Social Security numbers and driver’s license information, had been compromised. Almost 80 million Americans were affected.
It also stated at the time that it will invest $150 million in data protection and other technology through 2023.
Prior to the August 2021 breach, the business stated that user data had been accessed in January 2021, November 2019 and August 2018.
After acquiring Sprint in 2020, Bellevue, Washington-based T-Mobile became one of the nation’s top cell phone service providers. After the merger, it reported having more than 102 million customers.