T-Mobile Says Data on 37 Million Customers Stolen
T-Mobile has been hit with a data breach that has impacted about 37 million of its customers. The data breach resulted in the personal identification information of millions of customers across the nation being shared with unauthorized individuals.
In a form filed with the U.S. Securities and Exchange Commission on January 19, T-Mobile explains that they were able to identify the breach and stop the hackers from further malicious activity within the same day. In their statement, T-Mobile shares, “Our investigation is still ongoing, but the malicious activity appears to be fully contained at this time, and there is currently no evidence that the bad actor was able to breach or compromise our systems or our network.”
According to T-mobile, the breach was first identified on January 5th. However, the hackers were able to break into the network on about November 25th. Hackers did so by breaching an application programming interface that contained the personal identification of customers including their names, billing addresses, phone numbers, dates of birth, emails, T-Mobile account numbers, and more.
While the telephone service company says that about 37 million accounts were compromised, not all 37 million accounts included all the personal information that was identified as stolen by hackers. Additionally, T-Mobile notes that sensitive information including payment information, Social Security or tax ID numbers, government ID numbers, driver's license numbers, security pins, and passwords were not compromised during the breach.
T-Mobile shared in their notice, “Our systems and policies prevented the most sensitive types of customer information from being accessed, and as a result, based on our investigation to date, customer accounts and finances were not put at risk directly by this event.”
T-Mobile explains that after discovering the breach, it immediately notified federal agencies and is in the process of notifying customers that may have been impacted. In addition to following federal guidelines as they describe, the company explains that they will “continue to make substantial investments to strengthen our cybersecurity program.”
Over the past couple of years, T-Mobile has been the target of several high-profile data breaches. This has weakened the company's image over time and understandably given customers reasons to be concerned about their digital security with T-Mobile.
More recently, in August 2021, T-Mobile agreed to a $350 million settlement in a class action lawsuit over a data breach that resulted in the loss of social security numbers and driver's license information for over nearly 80 million Americans. T-Mobile was also hit with cyberattacks from hackers in January 2021, 2019, and August 2018. In all cases, sensitive customer data was stolen by hackers.
Some analysts have raised concerns citing that while cybersecurity breaches are not unusual, being the target of several significant cybersecurity attacks is. Being the target of repeated threats and attacks may mean that the company has many vulnerabilities that have yet to be patched by the company’s security team. The repetitive breaches could also indicate that the company has an overall weakened cybersecurity policy in place that needs to be more thoroughly designed.