T-Mobile revealed last month that it had been the victim of a data breach in November which affected and exposed the personal information of 37 million accounts. This announcement comes just two years after a larger breach in which T-Mobile ended up having to pay $350 million after a class action lawsuit was brought against them. According to NPR, they also agreed to "spend $150 million through 2023 to fortify its data security."
An FCC spokesperson told Reuters that when carriers such as T-Mobile fail to protect their customers, "we will hold them accountable," before noting that this is just "the latest in a string of data breaches at the company."
What was included in the breach? Names, addresses, phone numbers, and birthdates. What the breach did NOT include, thankfully, were PINs, banking information, or social security numbers.
According to the SEC filing, T-Mobile says that "there is currently no evidence that the bad actor was able to breach or compromise our systems or our network."
The filing goes on to address the $150 million investment from 2021.
"As we have previously disclosed," they write, "in 2021, we commenced a substantial multi-year investment working with leading external cybersecurity experts to enhance our cybersecurity capabilities and transform our approach to cybersecurity. We have made substantial progress to date, and protecting our customers’ data remains a top priority. We will continue to make substantial investments to strengthen our cybersecurity program."