STATEMENT: Latest T-Mobile data breach affects about 37 million accounts

CLEVELAND — Cellular giant T-Mobile on Thursday said its customer records have been hacked again. This time, it affects about 37 million prepaid and postpaid accounts. The disclosure came in a regulatory filing with the Securities and Exchange Commission. The breach was discovered two weeks ago.

T-Mobile, one of the big three cell phone companies, said “a bad actor” obtained “limited types of information” on customer accounts.

“As soon as our teams identified the issue, we shut it down within 24 hours,” the company said. “Our systems and policies prevented the most sensitive types of customer information from being accessed, and as a result, customer accounts and finances should not be put at risk directly by this event. There is also no evidence that the bad actor breached or compromised T-Mobile’s network or systems.”

The company said no passwords, payment card information, Social Security numbers, government ID numbers or other financial account information were compromised. But it said: “Some basic customer information (nearly all of which is the type widely available in marketing databases or directories) was obtained, including name, billing address, email, phone number, date of birth, account number, and information such as the number of lines on the account and service plan features.”

In 2021, T-Mobile said that personal information including full names, dates of birth, Social Security numbers and more was compromised for about 53 million current and prospective customers. 

In response to the latest breach, PIRG’s Consumer Watchdog Teresa Murray said:

“It’s been 15 years since the first huge corporate data breach, which compromised 100 million payment records with Heartland Payment Systems. After all this time, companies still haven’t figured out how to take care of their customers. It’s infuriating. 

“We all provide tons of personal and financial information to utilities, retailers, insurers, hotels and more, and it’s reasonable for us to expect that they’ll safeguard it. Yet again, that trust has been violated by T-Mobile.

“By now, we should all assume that much of our data is in the hands of scammers and take precautions such as freezing our credit files. We’ve seen so many massive breaches over the years at retailers such as Target and Home Depot, digital companies including Facebook, financial firms such as JPMorgan Chase and perhaps the most infamous, Equifax.

“On the other hand, it’s insulting and irresponsible for T-Mobile to try to brush this data breach aside by saying ‘nearly all’ of customers’ personal information is already ‘widely available in marketing databases or directories.’ All companies — especially those the size of T-Mobile which has so much data —  must do better.”

Data breaches often lead to fraud/ identity theft, which is the No. 1 complaint to the Federal Trade Commission. See our tips guide: 22 ways to protect yourself from fraud, identity theft and headaches