According to the operator, the data of 37 million customers has been compromised
Today, US mobile giant T-Mobile has announced it has been hit by another cyberattack, resulting in the data of 37 million customers being accessed by a malicious actor.
The breach was reportedly identified on January 5, with the operator saying they had removed the attacker’s access to the data within 24 hours.
“Our investigation is still ongoing, but the malicious activity appears to be fully contained at this time, and there is currently no evidence that the bad actor was able to breach or compromise our systems or our network,” said the company in a statement.
T-Mobile was quick to play down the severity of the attack, noting that no sensitive data, such as financial information, was compromised. Instead, the operator said that the information stolen was “basic” and “the type widely available in marketing databases or directories”.
Basic or not, this data does include details such as names, dates of birth, and account numbers.
The Federal Communications Commission (FCC) has initiated an investigation into the breach.
It is worth noting that this is not the first time in recent memory that T-Mobile has been hit with a major cybersecurity scandal.
In 2021, the operator reported a breach that had compromised data relating to 76.6 million customers. One year later, the FCC fined operator $350 million and stipulated they must spend a further $150 million on additional cyberdefense measures.
In somewhat related news, the FCC is currently in the process of updating its data breach reporting rules, aiming to have telcos notify customers earlier when their data has been compromised.
Want to keep up with all of the latest news from the US telecoms sector? Join the experts in discussion at this year’s Connected America conference