T-Mobile US has suffered another data breach, with the company disclosing that a single Application Programming Interface (API) was used to “obtain limited types of information” on some of its customers.
T-Mo said it was in the process of informing those customers, and that the information involved was “basic customer information” such as names, addresses, dates of birth, and customer contact information, plus service plan features and number of lines on the account.
“As soon as our teams identified the issue, we shut it down within 24 hours,” the carrier said in a statement. “Our systems and policies prevented the most sensitive types of customer information from being accessed, and as a result, customer accounts and finances should not be put at risk directly by this event. There is also no evidence that the bad actor breached or compromised T-Mobile’s network or systems.”
The company went on to say that the data breach did not include passwords, payment card information or other financial account information, Social Security numbers or government ID numbers.
“While no information was obtained for impacted customers that would compromise the safety of customer accounts or finances, we want to be transparent with our customers and ensure they are aware. … While we, like any other company, are unfortunately not immune to this type of criminal activity, we plan to continue to make substantial, multi-year investments in strengthening our cybersecurity program,” the carrier said.
T-Mobile US has disclosed more than half a dozen data breaches since 2018, with the largest one coming in 2021 after affecting more than 75 million current, former and potential T-Mobile US customers. In July of this year, T-Mobile US agreed to a $350 million settlement in a class action lawsuit over that data breach, in addition to committing to spending $150 million to bolster its cybersecurity. T-Mobile US CEO Mike Sievert had indicated in the immediate wake of the 2021 breach that T-Mobile US was expanded its relationship with security company Mandiant and had begun working with KPMG to bolster its security strategy.