T-Mobile US Inc. has disclosed yet-another data breach, with the latest breach compromising data belonging to 37 million customers.
In a filing today with the U.S. Security and Exchange Commission, T-Mobile said a bad actor first retrieved data through an application programming interface on or around Nov. 25. The breach wasn’t detected until Jan. 5, and the company cut off access to the API one day later.
Information stolen included names, billing addresses, email addresses, phone numbers and dates of birth. Customer payment card information, Social Security numbers, IDs, passwords and other account data were not accessed by the bad actor.
T-Mobile covered the standard responses in relation to a breach, hiring third-party cybersecurity experts, informing law enforcement and notifying customers. The only thing seemingly missing is an offer of free credit monitoring to affected customers.
“As we have previously disclosed, in 2021, we commenced a substantial multi-year investment working with leading external cybersecurity experts to enhance our cybersecurity capabilities and transform our approach to cybersecurity,” T-Mobile said in its filing. “We have made substantial progress to date, and protecting our customers’ data remains a top priority. We will continue to make substantial investments to strengthen our cybersecurity program.”
Unfortunately for T-Mobile customers, the “substantial progress to date” does not include preventing data breaches from happening.
Things that are certain in life are death, taxes and T-Mobile data being stolen. Depending on the source, the company has suffered about a half-dozen breaches since 2018, although Bleeping Computer puts the figure at eight.
Previous hacks involving T-Mobile include the theft of the details of 2 million customers in August 2018, a hack involving the theft of prepaid customer data in November 2019, the theft of employee and customer data in March 2021 and the theft of 48 million records in August 2021.
The August 2021 breach resulted in T-Mobile agreeing to pay $500 million to settle a class action lawsuit in July. Under the agreement, $350 million went to a settlement fund and $150 million went toward enhancing data security measures.
Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.