US wireless carrier T-Mobile said Thursday it was investigating a data breach that may have exposed 37 million postpaid and prepaid accounts and indicated significant costs would be incurred in connection with the incident.
It’s the second major cyberattack in less than two years and comes months after the airline agreed to strengthen its data security to resolve a legal battle related to an incident in 2021 that compromised information on an estimated 76.6 million people became.
The company identified malicious activity on Jan. 5 and contained it within a day, it said, adding that no sensitive data such as financial information was disclosed.
T Mobile, but added that basic customer data — like name, billing address, email address, and phone number — was breached and that it had begun notifying affected customers. The company has more than 110 million subscribers.
A spokesman for the U.S. Federal Communications Commission (FCC) said the regulator had launched an investigation into the incident.
“Transport companies have a unique responsibility to protect customer information. If they don’t, we will hold them accountable. This incident is the latest in a series of data breaches at the company and the FCC is investigating,” the spokesman said.
T-Mobile declined to comment on the investigation. Shares of the company fell 1% in Friday morning trading.
News of the incident also drew sharp reactions from analysts.
“While these cybersecurity breaches are not inherent, their frequency at T-Mobile is an alarming outlier compared to telecom peers,” said Neil Mack, senior analyst at Moody’s Investors Service.
“It could negatively impact customer behavior, drive churn, and potentially draw scrutiny from the FCC and other regulators.”
© Thomson Reuters 2023
