T-Mobile said on Thursday it has suffered a data breach involving 37 million customer accounts.
The mobile carrier discovered the breach on January 5 and took action “within 24 hours.”
According to a message shared online by T-Mobile on Thursday, stolen information includes customer names, billing addresses, email addresses, phone numbers, birth dates, account numbers, and information such as the number of lines on the account and service plan features.
It added that the hacker did not gain access to “the most sensitive types of customer information” and therefore “customer accounts and finances should not be put at risk directly by this event.”
To be clear, no passwords, payment card information, Social Security numbers, government ID numbers, or other financial account information were compromised, T-Mobile said.
Commenting on the data breach, the carrier said: “We understand that an incident like this has an impact on our customers and regret that this occurred. While we, like any other company, are unfortunately not immune to this type of criminal activity, we plan to continue to make substantial, multiyear investments in strengthening our cybersecurity program.”
T-Mobile said it’s now in the process of informing impacted customers.
In its online message, the company made no mention of the number of affected customers, nor did it give the date of the attack. Instead, this information was contained in a filing submitted to the U.S. Securities and Exchange Commission on January 19.
Thursday’s revelation marks the latest in a string of damaging data breaches to affect T-Mobile in recent years.
The most serious of these was in 2021, when a hack affected around 50 million current and former T-Mobile customers. The stolen data included customers’ first and last names, birth dates, Social Security numbers, and driver’s license/ID information.
It said at the time: “We take our customers’ protection very seriously and we will continue to work around the clock on this forensic investigation to ensure we are taking care of our customers in light of this malicious attack.”
A hacker claiming to have carried out the attack described T-Mobile’s cybersecurity measures at the time as “awful.” News of this latest breach may leave many customers wondering if that’s still the case.