According to the company, there is currently no evidence of breach or compromise to its systems or network.
The telecom major is in the process of informing impacted customers that a bad actor used a single Application Programming Interface (API) to obtain limited types of information on their accounts.
In a filing with the U.S. Securities and Exchange Commission, T-Mobile said the impacted API was able to provide some basic customer information, including name, billing address, email, phone number, date of birth, T-Mobile account number and information regarding the number of lines on the account and plan features.
However, no passwords, payment card information, social security numbers, government ID numbers or other financial account information were compromised.
T-Mobile said that on January 5, it identified that a bad actor was obtaining data through a single API without authorization.
The company, through an investigation with external cybersecurity experts, were able to trace the source of the malicious activity and stop it within 24 hours.
The investigation is still ongoing, but the malicious activity appears to be fully contained at this time.
It is now believed that the bad actor first retrieved data through the impacted API starting on or around November 25, 2022.
T-Mobile said it has notified certain federal agencies about the incident, and are concurrently working with law enforcement.
The company at present does not expect that the incident will have a material effect on its operations.
The company said, "We understand that an incident like this has an impact on our customers and regret that this occurred. While we, like any other company, are unfortunately not immune to this type of criminal activity, we plan to continue to make substantial, multi-year investments in strengthening our cybersecurity program."
©2023 dpa GmbH, Distributed by Tribune Content Agency, LLC.