T-Mobile data breach exposes nearly 37 million accounts

Jan 20 (Reuters) – US wireless carrier T-Mobile (TMUS.O) It said Thursday it was investigating a data breach that may have exposed 37 million prepaid and postpaid accounts, and hinted at significant costs related to the incident.

It’s the second major cyberattack in less than two years, and it comes months after the carrier agreed to upgrade its data security to settle a lawsuit related to a 2021 incident that compromised the information of an estimated 76.6 million people.

The company said the company identified malicious activity on January 5 and it was contained within a day, adding that no sensitive data such as financial information was disclosed.

However, T-Mobile added that basic customer data — such as name, billing address, email, and phone number — had been compromised and that it had begun notifying affected customers. The company has more than 110 million subscribers.

A spokesperson for the US Federal Communications Commission (FCC) said the regulator has opened an investigation into the incident.

“Carriers have a unique responsibility to protect customers’ information. When they fail to do so, we will hold them accountable. This incident is the latest in a series of data breaches at the company, and the FCC is investigating,” the spokesperson said.

T-Mobile declined to comment on the investigation. The company’s shares fell 1% in Friday morning trading.

The news of the accident was also met with a sharp reaction from analysts.

“While these cybersecurity breaches may not be systemic in nature, their frequency at T-Mobile is an alarming anomaly for telecom peers,” said Neil Mack, senior analyst at Moody’s Investors Service.

“This could negatively affect customer behavior, cause spikes and potentially attract scrutiny from the FCC and other regulators.”

Additional reporting by Eva Matthews and Lavanya Ahir in Bengaluru; Additional reporting by Akanksha Khushi. Editing by Rashmi Aish, Savio de Souza, and Anil D. Silva

Our standards: Thomson Reuters Trust Principles.