Summary

• T-Mobile announced data breach affecting 37 million customers.
• No sensitive data, such as payment information, passwords, or Social Security numbers were accessed.
• Company is still investigating the source of the hack.

T-Mobile US Inc., one of the largest wireless providers in the United States, has announced that a hacker obtained data for 37 million customer accounts on January 5th, 2021. The company stated that the data obtained by the hacker did not include payment information, passwords, or other sensitive personal data. T-Mobile discovered the hack on January 5th and was able to trace the source and stop it within a day.

The company has stated that the investigation is still ongoing, but they believe the culprit appeared to obtain the information through a single entry point serving customer data, and does not appear to have breached the company's systems or network.

The data that was stolen includes the names, addresses, emails, and phone numbers of customers, along with their account numbers and plan details. The company has also stated that credit cards, passwords, and Social Security numbers were not accessed. Even without these sensitive data, hackers may still be able to target individual customers for theft or breach other accounts.

T-Mobile has said in a statement to customers that "all of the information stolen is the type widely available in marketing databases or directories." The company also stated in a filing with the US Securities and Exchange Commission that "based on our investigation to date, customer accounts and finances were not put at risk directly by this event."

The company has alerted law enforcement and has begun notifying customers whose information may have been accessed. A T-Mobile representative declined to comment beyond what was written in the filing.

T-Mobile has faced multiple data breaches in the last few years. In 2021, a hacker stole the personal information, including Social Security numbers and driver's license information, of more than 13 million active and 40 million prospective T-Mobile customers. The company settled a class-action suit related to that breach for $500 million last year. T-Mobile has also disclosed breaches in previous years, including 2020.

“Unfortunately, we do see victims get revictimized," said Jackie Burns Koven, head of cyber threat intelligence at Chainalysis Inc., in a Bloomberg Television interview. "This is not the first data breach that has affected T-Mobile.”

T-Mobile has stated in its filing that there may be "significant expenses" incurred in connection with this most recent incident, however, the company does not expect that it will have a material effect on its operations. This latest data breach highlights the ongoing issue of data security and the need for companies to have strong security measures in place to protect customer information.