US telecom company T-Mobile announced Thursday that a recent hack impacted 37 million of its customers’ data.
In a filing with the US Securities and Exchange Commission (SEC), the company said it realized on January 5 that a “bad actor” had managed to infiltrate its computer system and was siphoning off information without authorization.
After identifying the source of the hack, it was fixed within 24 hours, the company said, adding that it believes the rest of its systems were not affected.
The company later determined that the attack likely began around November 25.
The hacked information includes T-Mobile customers’ names, addresses, email, phone numbers, dates of birth, and account numbers.
It does not include bank or social security card numbers, tax information, or passwords, the company said.
“Customer accounts and finances were not put at risk directly by this event,” the Deutsche Telekom-owned company said.
Affected customers will be notified and an internal investigation is still underway, it added.
“We may incur significant expenses in connection with this incident,” T-Mobile said.
The latest hack comes after another episode in 2021 affected the data of 76.6 million US residents.
The company agreed last summer to pay $350 million to settle lawsuits filed by plaintiffs in a class action suit and to spend $150 million on data protection and cybersecurity in 2022 and 2023.