Communications giant T-Mobile has fallen victim to a large data breach. 37 million postpaid and prepaid customers have had their data exposed in the hack.

T-Mobile Has Been Hit By Huge Data Breach

American telecommunications giant T-Mobile has suffered a data breach, putting around 37 million customers' data on the line.

In an SEC filing, it was written that the malicious venture began in November 2022, but it wasn't until early January 2023 that T-Mobile discovered the malicious actor was "obtaining data through a single Application Programming Interface (“API”) without authorization." The attack operator was therefore able to access data for a few months.

Various kinds of data were exposed in the breach, including email addresses, billing addresses, names, account numbers, and T-mobile plan specifications.

T-Mobile also stated that it "promptly commenced an investigation with external cybersecurity experts and within a day of learning of the malicious activity, [staff] were able to trace the source of the malicious activity and stop it." From this statement, it seems that the attack itself has been accordingly dealt with.

This Isn't the First T-Mobile Data Breach

graphic of blue digital padlock

T-Mobile is no stranger to data breaches, with this most recent attack marking the fifth in five years. Since 2018, T-Mobile has suffered one or more data breaches each year, with 2021 bringing a particularly severe breach that exposed the data of 40 million former and prospective customers, as well as that of 7.8 million existing customers.

This Most Recent T-Mobile Hack Comes After $150M Security Endeavour

In August 2021, various customer data was accessed via a data breach, including passwords, driving license data, and payment card information. This led to a class action lawsuit, wherein T-Mobile agreed to pay a hefty $350 million compensation bill to customers and dedicate another $150 million to improve its security levels across two years.

But this most recent attack seems to show that not enough has been done to ward off certain forms of cybercrime, including data breaches.

But T-Mobile commented on this investment in the aforementioned SEC filing, stating that it has "made substantial progress to date, and protecting [its] customers’ data remains a top priority." It was also written that the company will "continue to make substantial investments to strengthen [its] cybersecurity program."

T-Mobile stated that it will likely "incur significant expenses in connection with this incident", though the extent of the financial damage is not known at the time of writing.

Data Breaches Are a Pressing Issue

As we continue to rely on technology for data storage, breaches continue to present a huge risk to organizations and individuals around the world. This is why it's important for the parties we entrust with our data to do what they can to heard off cybercrime and keep sensitive information safe.