face palm: Another day, another data breach. This time, wireless service provider T-Mobile has disclosed a data breach involving millions of prepaid and paid customer accounts. Here’s what we know at this hour.
in Form 8-K filing With the US Securities and Exchange Commission, T-Mobile said it identified a bad actor that obtained the data through a single API without permission on January 5, 2023. Within a day of the discovery, the carrier was able to track down the source of the activity and put a stop to it. .
The bad actor is believed to have first obtained the data through the affected API on or about November 25, 2022. The investigation is ongoing, we’re told, but the malicious activity appears to have been fully contained at this time.
The breach disclosed certain customer information including name, billing address, email address, telephone number, date of birth, account number, information regarding service plan features, and the number of lines on the account. According to T-Mobile, nearly all of this type of data is widely available in marketing databases or directories.
T-Mobile said no passwords, social security numbers, government identification numbers, passwords, or other financial data were hacked.
Nearly 37 million active postpaid and prepaid customer accounts have been affected.
T-Mobile He said She is working with law enforcement on this matter and has notified the appropriate federal agencies. The carrier also began notifying affected customers and warned that it could incur significant expenses in connection with the accident.
to me The Wall Street JournalThe Federal Communications Commission opened an investigation. “This incident is the latest in a series of data breaches at the company, and the FCC is investigating,” an FCC spokesperson told the publication. According to TechCrunch, this is the eighth T-Mobile has been hacked since 2018.
Last summer, T-Mobile suffered an even larger data breach that affected nearly 77 million people and agreed to pay $350 million to settle a class action lawsuit over the matter. The company has also committed to spending another $150 million on additional data security and related technologies in 2022 and 2023.