T-Mobile says investigating data breach involving 37M accounts

U.S. wireless carrier T-Mobile said on Thursday it was investigating a data breach involving 37 million postpaid and prepaid accounts and that it expected to incur significant costs related to the incident.

The company said it identified malicious activity on Jan. 5 and contained it within a day, adding that no sensitive data such as financial information was compromised.

However, some basic customer information was obtained, such as name, billing address, email and phone number, T-Mobile said.

“Our investigation is still ongoing, but the malicious activity appears to be fully contained at this time, and there is currently no evidence that the bad actor was able to breach or compromise our systems or our network,” the company said, adding it had begun notifying impacted customers.

Shares in the company fell 2 percent in after-hours trade.

Last year, Bellevue, Washington-based T-Mobile agreed to pay $350 million and spend an additional $150 million to upgrade data security to settle litigation over a cyberattack in 2021 that compromised information belonging to an estimated 76.6 million people.

T-Mobile has over 110 million subscribers, making it the third-largest wireless carrier in the United States.