T-Mobile Data Breach Hits 37 Million

May 15, 2023

INCIDENT

U.S. wireless carrier T-Mobile said an unidentified malicious intruder breached its network in late November and stole data on 37 million customers, including addresses, phone numbers and dates of birth.

T-Mobile said in a filing with the U.S. Securities and Exchange Commission that the breach was discovered Jan. 5. It said the data exposed to theft — based on its investigation to date — did not include passwords or PINs, bank account or credit card information, Social Security numbers or other government IDs.

"Our investigation is still ongoing, but the malicious activity appears to be fully contained at this time," T-Mobile said, with no evidence the intruder was able to breach the company's network. It said the data was first accessed on or around Nov. 25.

T-Mobile, based in Bellevue, Washington, became one of the country's largest cellphone service carriers in 2020 after buying rival Sprint. It reported having more than 102 million customers after the merger.

Incident Date

November 25, 2022

Estimated Cost

Unknown, but customer data stolen

Victims

Type of Malware

No Malware identified

Threat Source

No threat source identified