The
company, which has more than 110 million subscribers, said it
identified malicious activity on Jan. 5 and contained it within
a day, adding that no sensitive data such as financial
information was compromised.
However, some basic customer data — such as name, billing
address, email and phone number — was obtained, and it had begun
notifying impacted customers, said T-Mobile.
"Our investigation is still ongoing, but the malicious activity
appears to be fully contained at this time, and there is
currently no evidence that the bad actor was able to breach or
compromise our systems or our network," the company said.
The U.S. Federal Communications Commission (FCC) has opened an
investigation into the data breach, the Wall Street Journal
reported on Thursday, citing an FCC spokesperson.
FCC and T-Mobile did not immediately respond to Reuters'
requests for comment on the reported investigation.
"While these cybersecurity breaches may not be systemic in
nature, their frequency of occurrence at T-Mobile is an alarming
outlier relative to telecom peers," said Neil Mack, senior
analyst for Moody's Investors Service.
"It could negatively impact customer behavior, cause churn to
spike and potentially attract the scrutiny of the FCC and other
regulators."
Last year, T-Mobile agreed to pay $350 million and spend an
additional $150 million to upgrade data security to settle
litigation over a cyberattack in 2021 that compromised
information belonging to an estimated 76.6 million people.
The Bellevue, Washington-based company's shares fell 2% in
after-hours trade.
(Reporting by Eva Mathews and Lavanya Ahire in Bengaluru;
Editing by Sriraj Kalluvila, Maju Samuel, Rashmi Aich and Savio
D'Souza)
[© 2023 Thomson Reuters. All rights
reserved.]
Copyright 2022 Reuters. All rights reserved. This material may
not be published, broadcast, rewritten or redistributed.
Thompson Reuters is solely responsible for this content.
|
|