T-Mobile, the American mobile operator, has announced that a data breach has affected 37 million customers. The company reported that a hacker exploited an application programming interface (API) to gain unauthorized access to customer information. T-Mobile admitted that the hack may have started as early as November 25th, but they did not discover the attack until January 5th.

In response, T-Mobile immediately launched an investigation with external cybersecurity experts, and within a day of discovering the breach, they were able to trace the source of the malicious activity and stop it. The company has also reported that there is currently no evidence that the hacker was able to breach or compromise their systems or network.

This is not the first time T-Mobile has been hacked. In August 2021, the company announced that a hacker had accessed information pertaining to 7.8 million existing customers, and more than 40 million former and prospective customers. The figure was later revised upwards to 76.6 million. T-Mobile reportedly paid the hacker $200,000 to stop the data from being sold on the dark web, but the data was sold anyway. The company also disclosed hacks in 2018, 2019, and two separate incidents in 2020.

In July 2021, T-Mobile agreed to pay $500 million to settle class action lawsuits brought by those affected by the 2021 breach. The plaintiffs accused the company of failing to adequately protect customers’ data. T-Mobile agreed to contribute $350 million to cover legal fees and compensation, and agreed to spend a further $150 million on making improvements to data security and related technology. However, given the regularity of T-Mobile’s hacking incidents, it is unclear if $150 million will be enough to adequately address the problem.

Source: Telecoms.com