T-Mobile U.S. confirmed in a regulatory filing that it has suffered a cyber attack in which data for approximately 37 million current postpaid and prepaid customer accounts was stolen.
According to the company, there is currently no evidence of a breach or compromise of its systems or network.
The telecom major is in the process of informing impacted customers that a bad actor used a single Application Programming Interface (API) to obtain limited types of information on their accounts.
In a filing with the U.S. Securities and Exchange Commission, T-Mobile said the impacted API was able to provide some basic customer information, including name, billing address, email, phone number, date of birth, T-Mobile account number and information regarding the number of lines on the account and plan features.
However, no passwords, payment card information, social security numbers, government ID numbers or other financial account information were compromised.
T-Mobile said that on January 5, it identified that a bad actor was obtaining data through a single API without authorization.
The company, through an investigation with external cybersecurity experts, was able to trace the source of the malicious activity and stop it within 24 hours.
The investigation is still ongoing, but the malicious activity appears to be fully contained at this time.
It is now believed that the bad actor first retrieved data through the impacted API starting on or around November 25, 2022.
T-Mobile said it has notified certain federal agencies about the incident and is concurrently working with law enforcement.
The company does not currently expect the incident to have a material effect on its operations.
The company said, “We understand that an incident like this has an impact on our customers and regret that this occurred. While we, like any other company, are unfortunately not immune to this type of criminal activity, we plan to continue to make substantial, multi-year investments in strengthening our cybersecurity program.”