Click to Skip Ad
Closing in...

T-Mobile confirms new data breach impacting 37 million accounts

Published Jan 19th, 2023 8:27PM EST
T-Mobile Storefront
Image: Michael Buckner for BGR

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

On Thursday, January 19, T-Mobile published an article on its website informing customers about a recent data breach. According to the article, T-Mobile discovered through an investigation that a bad actor was able to use an API to “obtain limited types of information” on customer accounts. T-Mobile cut off the hacker’s access within 24 hours, which “prevented the most sensitive types of customer information from being accessed.”

“While no information was obtained for impacted customers that would compromise the safety of customer accounts or finances, we want to be transparent with our customers and ensure they are aware,” the mobile carrier explained in its notice.

T-Mobile says the bad actor did obtain some basic customer information, such as names, billing addresses, emails, phone numbers, birthdays, account numbers, number of lines on the account, and service plan features. Passwords, credit card details, social security numbers, government ID numbers, and other financial account information were not compromised.

T-Mobile’s customer notice didn’t include specifics, but its filing with the Securities and Exchange Commission (SEC) did. The SEC filing reveals that the hacker obtained data on approximately 37 million postpaid and prepaid T-Mobile customer accounts.

“We currently believe that the bad actor first retrieved data through the impacted API starting on or around November 25, 2022,” T-Mobile explains in the SEC filing. “We are continuing to diligently investigate the unauthorized activity. In addition, we have notified certain federal agencies about the incident, and we are concurrently working with law enforcement. Additionally, we have begun notifying customers whose information may have been obtained by the bad actor in accordance with applicable state and federal requirements.”

This data breach comes less than two years after T-Mobile dealt with a similar incident that affected 50 million customers. The good news is that neither hack included financial information or private details that could put customers or their bank accounts at risk.

Jacob Siegal
Jacob Siegal Associate Editor

Jacob Siegal is Associate Editor at BGR, having joined the news team in 2013. He has over a decade of professional writing and editing experience, and helps to lead our technology and entertainment product launch and movie release coverage.