Oh no! It looks like T-Mobile just discovered a security breach.
As released on the news section of their website, T-Mobile confirmed that they conducted a thorough investigation and discovered that “a bad actor used a single Application Programming Interface (or API) to obtain limited types of information” on the accounts of its customers. The Un-carrier is in the process of informing customers affected by this breach.
T-Mo shared that they were able to shut down the issue as soon as they were able to identify it. As a result of this decision, T-Mo was able to prevent their customers’ information from being accessed. They assured their customers that their accounts and finances were not directly put at risk by the breach. In fact, the Un-carrier did not find any evidence of its network or systems getting compromised.
The hack, which happened around January 5th, compromised 37 million accounts according to Reuters.
And although the bad actor was unable to get information on accounts and finances, the Un-carrier has let its customers know so they can be transparent with them.
As mentioned by T-Mobile:
No passwords, payment card information, social security numbers, government ID numbers or other financial account information were compromised. Some basic customer information (nearly all of which is the type widely available in marketing databases or directories) was obtained, including name, billing address, email, phone number, date of birth, account number, and information such as the number of lines on the account and service plan features.
The company assured its customers that they will be continuing to make important investments to help strengthen its cybersecurity program.