Starting from January is not very good. T Mobile Another data breach was announced this week, this time affecting nearly 37 million customer accounts. Unlike other data breaches, where customer data is sometimes saved, this time it wasn’t. In this data breach, T-Mobile details that data was accessed, including name, billing address, email, phone number, date of birth, account number and information such as the number of lines on an account and service plan attributes.
T-Mobile tries not to make it so bad that much of this data is already “widely available” through marketing directories and databases. Importantly, the carrier specifically states that “no passwords, payment card information, Social Security numbers, government ID numbers or other financial account information were compromised.”
We are currently in the process of notifying affected customers that after a thorough investigation we have determined that a bad actor used a single application programming interface (or API) to access limited information on their accounts.
As soon as our teams identified the issue, we closed it within 24 hours. Our systems and policies prevent access to the most sensitive types of customer information, and as a result, this event should not put customer accounts and money directly at risk. There is no evidence that a bad actor breached or compromised T-Mobile’s network or systems.
For a little timeline, T-Mobile noted that the activity stopped within 24 hours of being noticed. However, not written in its press release, but filed with the SEC, T-Mobile says it believes “bad actors” began retrieving data through the affected API in November of last year.
In the last part of the SEC filing, T-Mobile says it expects the news not to have a material impact on its operations. Simply put, they don’t expect customers to get too upset and take their business elsewhere.
// T-Mobile | SEC Filings