T-Mobile is no stranger to data breaches. It seems the carrier has at least one per year at this point, and it appears that time has come once again.
The carrier has announced that a data breach has occurred via their business newsroom.
The breach included full names, dates of birth, phone numbers, billing addresses, email addresses, and account information (like account numbers, rate plans, line counts, etc).
Some customers are already seeing a banner when logging into their T-Mobile accounts informing them that they are impacted, as seen below.
The “Learn More” link goes to this page, which is embedded below as a screenshot.
On that page, T-Mobile says the breach was ongoing between November 25th 2022 and January 5th 2023. They also reiterate that no passwords or social security numbers were leaked in this incident.
There’s no mention or word yet on if T-Mobile will offer any type of credit monitoring service, like they did with McAfee last time, for the affected customers.
Apparently no information that could “compromise the safety of customer accounts or finances” was released. According to Reuters, approximately 37 million accounts were compromised. The breach was discovered on January 5th.
The breach was apparently conducted by a “bad actor” via an API. T-Mobile security teams identified the issue and shut down the access within 24 hours.
This news is breaking, so we’ll update this article when we have more information.