Mobile giant T-Mobile disclosed a new data breach that resulted in the theft of data belonging to 37 million customer accounts.
According to the announcement made, “a bad actor used a single Application Programming Interface (or API) to obtain limited types of information on their accounts.”
The announcement continues: “No passwords, payment card information, social security numbers, government ID numbers or other financial account information were compromised. Some basic customer information”, “including name, billing address, email, phone number, date of birth, account number, and information such as the number of lines on the account and service plan features” was obtained.
T-Mobile said it first learned of the incident on Jan. 5, 2023, and that an investigation determined the bad actor started abusing the API beginning around Nov. 25, 2022. The company says it is in the process of notifying affected customers.
Read more about it here.