T-Mobile: 37 million US customers' data breached

The Telecom company T-Mobile revealed on Thursday that the data of 37 million customers was hacked in November 2022.

The US subsidiary of the German telecom giant noticed on January 5 that a "bad actor" had infiltrated its cyber defenses and was extracting data without authorization, the company said in a filing with the US Securities and Exchange Commission (SEC).

T-Mobile claimed in its filing to the SEC that once the source of the hack was identified, it was fixed within 24 hours and the rest of the systems were not affected.

What do we know about the incident?

The information that was hacked includes customers' names, e-mail IDs, phone numbers, dates of birth and account numbers.

The hackers did not manage to extract bank numbers, social security numbers, tax information or passwords, the company told the regulator.

"Our investigation is still ongoing, but the malicious activity appears to be fully contained at this time," T-Mobile said. "Customer accounts and finances were not put at risk directly by this event." 

A senior analyst from Moody's Investor Services said the incident raises serious questions about T-Mobile's ability to protect customer data.

"While these cybersecurity breaches may not be systemic in nature, their frequency of occurrence at T-Mobile is an alarming outlier relative to telecom peers," analyst Neil Mack told AP.

He further cautioned that the breach could attract scrutiny from US regulators.

A history of bad security

Owned by German-based Deutsche Telekom, T-Mobile has a recent history of data breaches.

In June of 2022, the telecom provider agreed to pay $350 million (€323 million) to settle a class action lawsuit and spent another $150 million on data protection and cyber security in 2022 and 2023. That was after the company failed to protect the sensitive data of 76.6 million US residents.

Before that, T-Mobile reported breaches in January 2021, November 2019 and August 2018.

mk/ar (AFP, AP)