Shutterstock

T-Mobile has been hit by another data breach, this time impacting approximately 37 million customers. The wireless carrier said a bad actor obtained basic customer information -- such as names, account numbers, and billing addresses -- but did not access any sensitive customer information, including government ID numbers or payment card information. 

Featured

• New iPhone 15 Pro overheating reports: Still too hot after iOS 17.0.3 and fresh issues arise after the update
• Generative AI will far surpass what ChatGPT can do. Here's everything on how the tech advances
• iPhone 15 Pro review: Prepare to be dazzled
• The best USB-C cables for the iPhone 15: What the experts recommend

According to a disclosure document T-Mobile filed with the US Securities and Exchange Commission, the company believes the bad actor first gained access to customer information around November 25, 2022. T-Mobile discovered the breach on January 5, 2023. 

Within 24 hours, the company traced the source of malicious activity and stopped it. 

Also:Cybersecurity jobs: Five ways to help you build your career

The hacker used a single application programming interface (API) to gain access to T-Mobile data. The company is still investigating the breach but said the malicious activity appears to be fully contained. 

The breach hit postpaid and prepaid customer accounts. According to T-Mobile, no passwords, payment card information, social security numbers, government ID numbers, or other financial account information were compromised. The hacker did gain access to basic data, including customer names, billing addresses, emails, phone numbers, dates of birth, account numbers, and information such as the number of lines on the account and service plan features.

So far, there's no evidence that the bad actor was able to breach or compromise T-Mobile's systems or its network. 

T-Mobile is currently in the process of informing customers about the incident and is working with law enforcement to investigate the incident. 

Also: What is phishing? Everything you need to know to protect against scam emails -- and worse

T-Mobile has been hit by a number of data breaches in recent years. The company will soon pay$350 million to settle customer claims from a class action lawsuit stemming from a data breach. The company is also in the middle of a major, multi-year cybersecurity overhaul. 

"We have made substantial progress to date, and protecting our customers' data remains a top priority. We will continue to make substantial investments to strengthen our cybersecurity program," the company said in its SEC filing.

Security

8 habits of highly secure remote workersHow to find and remove spyware from your phoneThe best VPN services: How do the top 5 compare?How to find out if you are involved in a data breach -- and what to do next

• 8 habits of highly secure remote workers
• How to find and remove spyware from your phone
• The best VPN services: How do the top 5 compare?
• How to find out if you are involved in a data breach -- and what to do next