T-Mobile has disclosed another breach of its network, this one exposing data on 37 million current customers. In a regulatory filing, the company said the breach occurred in November.
The hacker reportedly gained access to customers’ names, billing addresses, emails, phone numbers, dates of birth, T-Mobile account numbers and other information specific to T-Mobile services. The company said hackers did not gain access to social security numbers, credit card information, government ID numbers, passwords, PINs or financial information.
Still, the hack poses a significant privacy risk. Privacy experts say the information obtained from T-Mobile could be connected with other data being sold on the dark web, posing a risk of identity theft.
U.S. PIRG’s consumer watchdog Teresa Murray said consumers seem to be subjected to these kinds of risks on a regular basis.
“It’s been 15 years since the first huge corporate data breach, which compromised 100 million payment records with Heartland Payment Systems,” Murray said. “After all this time, companies still haven’t figured out how to take care of their customers. It’s infuriating.”
This isn’t the wireless carrier’s first data breach. In 2021 the company revealed that data on 54 million customers fell into the wrong hands. In September 2022, T-Mobile agreed to pay $350 million to settle charges related to the breach.
In the regulatory filing, T-Mobile said it expects it will have to open its checkbook once again to resolve issues resulting from this latest hack.
“Protecting our customers’ data remains a top priority,” T-Mobile said in a statement. “We will continue to make substantial investments to strengthen our cybersecurity program.”
For Murray, that’s not quite enough. She says consumers have to take the protection of their privacy into their own hands.
“By now, we should all assume that much of our data is in the hands of scammers and take precautions such as freezing our credit files,” Murray said. “We’ve seen so many massive breaches over the years at retailers such as Target and Home Depot, digital companies including Facebook, financial firms such as JPMorgan Chase, and perhaps the most infamous, Equifax.”
Murray said these companies, and all enterprises that collect consumer data, need to do a better job protecting it.