The American wireless service provider T-Mobile announced on Thursday that it had been the victim of a computer hack that affected the data of 37 million customers.
The company discovered on Jan. 5 that a “malicious actor” had managed to infiltrate its computer system and was in the process of harvesting information without authorization, a stock exchange document states.
T-Mobile was able to discover the source of the information leak and fix it in less than 24 hours and believes the rest of its systems were unaffected. The company later determined that the attack likely began around November 25.
The hacked information includes name, address, email, phone number, date of birth and account number with T-Mobile.
They don’t include credit card or social security numbers, tax information, or passwords, T-Mobile said.
“Customer accounts and finances should not be directly endangered by this event,” said the company controlled by Deutsche Telekom.
An internal investigation is still ongoing and authorities have been notified. Affected customers will also be notified.
The incident is expected to result in significant costs but should not materially impact the company’s operations, T-Mobile said.
The company had already fallen victim to a major hack in 2021 that affected the data of 76.6 million Americans.
It agreed last summer to pay $350 million to settle claims brought by plaintiffs in a class-action lawsuit and spend $150 million on privacy and cybersecurity in 2022 and 2023.