© 2024 Connecticut Public

FCC Public Inspection Files:
WEDH · WEDN · WEDW · WEDY
WECS · WEDW-FM · WNPR · WPKT · WRLI-FM · WVOF
Public Files Contact · ATSC 3.0 FAQ
Play Live Radio
Next Up:
0:00
0:00
0:00 0:00
Available On Air Stations

T-Mobile says breach exposed personal data of 37 million customers

U.S. wireless carrier T-Mobile said Thursday that an unidentified malicious intruder breached its network in late November and stole data on 37 million customers, including addresses, phone numbers and dates of birth.
Michael Dwyer
/
AP
U.S. wireless carrier T-Mobile said Thursday that an unidentified malicious intruder breached its network in late November and stole data on 37 million customers, including addresses, phone numbers and dates of birth.

BOSTON — The U.S. wireless carrier T-Mobile said Thursday that an unidentified malicious intruder breached its network in late November and stole data on 37 million customers, including addresses, phone numbers and dates of birth.

T-Mobile said in a filing with the U.S. Securities and Exchange Commission that the breach was discovered Jan. 5. It said the data exposed to theft — based on its investigation to date — did not include passwords or PINs, bank account or credit card information, Social Security numbers or other government IDs.

"Our investigation is still ongoing, but the malicious activity appears to be fully contained at this time," T-Mobile said, with no evidence the intruder was able to breach the company's network. It said the data was first accessed on or around Nov. 25.

T-Mobile said it has notified law enforcement and federal agencies, which it did not name. It did not immediately respond to an e-mail seeking comment.

The company has been hacked multiple times in recent years. In its filing, T-Mobile said it did not expect the latest breach to have material impact on its operations. But a senior analyst for Moody's Investors Service, Neil Mack, said in a statement that the breach raises questions about management's cyber governance and could alienate customers and attract scrutiny by the Federal Communications Commission and other regulators.

"While these cybersecurity breaches may not be systemic in nature, their frequency of occurrence at T-Mobile is an alarming outlier relative to telecom peers," Mack said.

In July, T-Mobile agreed to pay $350 million to customers who filed a class action lawsuit after the company disclosed in August 2021 that personal data including Social Security numbers and driver's license info had been stolen. Nearly 80 million U.S. residents were affected.

It also said at the time that it would spend $150 million through 2023 to fortify its data security and other technologies.

Prior to the August 2021 intrusion, the company disclosed breaches in January 2021, November 2019 and August 2018 in which customer information was accessed.

T-Mobile, based in Bellevue, Washington, became one of the country's largest cellphone service carriers in 2020 after buying rival Sprint. It reported having more than 102 million customers after the merger.

Copyright 2023 NPR. To see more, visit https://www.npr.org.

Stand up for civility

This news story is funded in large part by Connecticut Public’s Members — listeners, viewers, and readers like you who value fact-based journalism and trustworthy information.

We hope their support inspires you to donate so that we can continue telling stories that inform, educate, and inspire you and your neighbors. As a community-supported public media service, Connecticut Public has relied on donor support for more than 50 years.

Your donation today will allow us to continue this work on your behalf. Give today at any amount and join the 50,000 members who are building a better—and more civil—Connecticut to live, work, and play.

Related Content