In a financial filing on Thursday, T-Mobile revealed that a hacker had access to a trove of personal information on 37 million customers.
The telecom giant said the “bad guy” started stealing the data, including “name, billing address, email, phone number, date of birth, T-Mobile account number and information such as the number of lines on the account and plan”. features”, since November 25.
In the SEC filingT-Mobile said it discovered the breach more than a month later, on January 5, and within a day it fixed the problem the hacker was exploiting.
According to T-Mobile, the hackers did not breach a company system, but abused an application programming interface or API.
“Our investigation is ongoing, but the malicious activity appears to be fully contained at this time and there is currently no evidence that the malicious actor was able to compromise or compromise our systems or network,” the company wrote. .
This is the eighth time since 2018 that T-Mobile has been hacked. The most recent incident was in 2022 when a group of hackers known as Lapsus$ gained access to the company’s internal tools, giving them the opportunity to do so. -called SIM swaps, a type of hack where hackers take a victim’s phone number and then try to use that to reset and access the target’s sensitive accounts such as email or cryptocurrency wallets.
T-Mobile did not immediately respond to a request for comment.