T-Mobile says it's "currently in the process of informing impacted customers that after a thorough investigation, we have determined that a bad actor used a single Application Programming Interface (or API) to obtain limited types of information on their accounts."
The breach began on Friday, Nov. 25, and the data breached included name, billing address, email, phone number, date of birth, T-Mobile account number, and "information such as the number of lines on the account and plan features,” according to T-Mobile.
"The preliminary result from our investigation indicates that the bad actor(s) obtained data from this API for approximately 37 million current postpaid and prepaid customer accounts, though many of these accounts did not include the full data set," the company stated in an SEC filing on Thursday, Jan. 19.
"While no information was obtained for impacted customers that would compromise the safety of customer accounts or finances, we want to be transparent with our customers and ensure they are aware," T-Mobile said in a separate statement.
Click here to follow Daily Voice Quincy and receive free news updates.