Wireless carrier T-Mobile revealed Friday that 37 million users' data was stolen in a breach in November. In a filing to the U.S. Securities and Exchange Commission, the company revealed that the breach was discovered in early January, but "the malicious activity appears to be fully contained at this time."
The stolen data includes customer names, account numbers, billing addresses, emails, phone numbers, birthdays, and service information, CNN writes. T-Mobile has said that no social security numbers, credit card information, government ID numbers, passwords, PINs, or other financial details were stolen in the breach.
Since 2018, the company has had eight data hacks, reports The Verge. These have raised concerns from the government and customers about the company's management. "While these cybersecurity breaches may not be systemic in nature, their frequency of occurrence at T-Mobile is an alarming outlier relative to telecom peers," explained Moody's Investors Service senior analyst Neil Mack.
In July 2022, T-Mobile had to pay $350 million following a class-action lawsuit concerning a data breach in August 2021 where social security numbers and driver's license information were stolen, The Associated Press reports. The company launched a "substantial, multi-year investment" to improve its cybersecurity in 2021 and plans to spend $150 million through 2023 to strengthen security.
"Protecting our customers' data remains a top priority," T-Mobile said in a statement. "We will continue to make substantial investments to strengthen our cybersecurity program."