T-Mobile has once again been hit by a massive data breach, this time impacting some 37 million customers’ data.
T-Mobile has written a blog post outlining the details of its latest breach:
We are currently in the process of informing impacted customers that after a thorough investigation we have determined that a bad actor used a single Application Programming Interface (or API) to obtain limited types of information on their accounts.
The company says it shut down the breach within 24 hours of discovering it, and that customers’ most sensitive information was protected.
No passwords, payment card information, social security numbers, government ID numbers or other financial account information were compromised. Some basic customer information (nearly all of which is the type widely available in marketing databases or directories) was obtained, including name, billing address, email, phone number, date of birth, account number, and information such as the number of lines on the account and service plan features.
While the scope of this data breach may have been fairly limited, it’s still disconcerting that the company has experienced two such breaches in as many years, with the last one costing the company $350 million to settle.
Hopefully T-Mobile will be able to shore up its security and prevent further incidents.