(Reuters) U.S. wireless carrier T-Mobile (TMUS.O) said on Thursday it was investigating a data breach that may have exposed 37 million postpaid and prepaid accounts, and hinted at incurring significant costs related to the incident.
It’s the second major cyberattack in less than two years and comes months after the carrier agreed to upgrade its data security to settle a litigation related to a 2021 incident that compromised information of an estimated 76.6 million people.
The company identified malicious activity on Jan. 5 and contained it within a day, it said, adding no sensitive data such as financial information was exposed.
T-Mobile, however, added that basic customer data – such as name, billing address, email and phone number – was breached and that it had begun notifying impacted customers. The company has more than 110 million subscribers.
“Carriers have a unique responsibility to protect customer information. When they fail to do so, we will hold them accountable. This incident is the latest in a string of data breaches at the company, and the FCC is investigating,” the spokesperson said.