Hackers recently obtained personal data of around 37 million T-Mobile customers, the wireless company disclosed Thursday.
The breach occurred in late November, and was discovered by T-Mobile on January 5, the carrier said in a Securities and Exchange Commission filing.
The carrier has suffered several other high-profile data breaches in the last five years, including one in 2021 in which hackers obtained full names, birthdates, Social Security numbers and driver's license information for millions of customers. The company collects that type of sensitive information when running credit checks of people who apply for post-paid accounts.
In the most recent incident, hackers obtained customers' names, addresses, emails, phone numbers, birth dates and information about their wireless plans. But T-Mobile says other sensitive data -- including social security numbers and financial account information -- wasn't exposed.
“Our systems and policies prevented the most sensitive types of customer information from being accessed, and as a result, based on our investigation to date, customer accounts and finances were not put at risk directly by this event,” the company stated in its filing.
T-Mobile recently agreed to pay $350 million to customers, and $150 million to upgrade security, to settle a class-action lawsuit stemming from the 2021 data breach.
Earlier this month, the Federal Communications Commission moved forward with a proposal to require telecoms to notify consumers, federal law-enforcement agencies and the Commission itself about all data breaches.
The agency also proposed eliminating a current rule that requires telecoms to delay informing consumers about data breaches until at least seven business days after notifying law enforcement.