Security News > 2023 > January > T-Mobile admits to 37,000,000 customer records stolen by “bad actor”
US mobile phone provider T-Mobile has just admitted to getting hacked, in a filing known as an 8-K that was submitted to the Securities and Exchange Commission yesterday, 2023-01-19.
On January 5, 2023, T-Mobile US [] identified that a bad actor was obtaining data through a single Application Programming Interface without authorization.
T-Mobile first states the sort of data it thinks attackers didn't get, which includes payment card details, social security numbers, tax numbers, other personal identifiers such as driving licences or government-issued IDs, passwords and PINs, and financial information such as bank account details.
The attackers, it seems, had enough time to extract and make off with at least some personal data for about 37 million users, including both prepaid and postpaid customers, including name, billing address, email, phone number, date of birth, T-Mobile account number, and information such as the number of lines on the account and plan features.
Affected customers may not agree that 37 million stolen customer records, notably including where you live and your data of birth.
T-Mobile, as you may remember, paid out a whopping $500 million in 2022 to settle a breach that it suffered in 2021, although the data stolen in that incident did include information such as SSNs and driving licence details.