Jan 20 (Reuters) – T-Mobile (TMUS.O)The No. 3 U.S. wireless carrier by subscribers said Thursday that it is investigating a data breach involving 37 million postpaid and prepaid accounts and that it may incur significant costs related to the incident.
The company, which has more than 110 million subscribers, said on January 5 that it detected the malicious activity within a day and contained it, saying no sensitive data such as financial information was compromised.
However, some basic customer data — name, billing address, email and phone number — was obtained, and T-Mobile said it has begun notifying affected customers.
“Our investigation is still ongoing, but the malicious activity appears to be fully contained at this time, and there is currently no evidence that a bad actor was able to breach or compromise our computers or our network,” the company said.
The US Federal Communications Commission (FCC) has launched an investigation into the Wall Street Journal data breach. reported Thursday, citing an FCC spokeswoman.
The FCC and T-Mobile did not immediately respond to Reuters requests for comment on the reported investigation.
“While these cybersecurity breaches may not have been systemic in nature, the frequency of their occurrence at T-Mobile is an alarming revelation compared to its telecom peers,” said Neil Mack, senior analyst at Moody’s Investors Service.
“This could negatively impact customer behavior, cause confusion and attract scrutiny from the FCC and other regulators.”
Last year, T-Mobile agreed to pay $350 million and spend an additional $150 million in 2021 to improve data security to settle a lawsuit related to a cyber attack that compromised information belonging to 76.6 million people.
Shares of the Bellevue, Washington-based company fell 2% in after-hours trading.
Reporting by Eva Mathews and Lavanya Ahire in Bangalore; Editing by Sriraj Kalluvila, Maju Samuel, Rashmi Aich and Savio D’Souza
Our Standards: Thomson Reuters Trust Principles.