An FCC spokesperson told Reuters that when carriers such as T-Mobile fail to protect their customers, "we will hold them accountable," before noting that this is just "the latest in a string of data breaches at the company."
What was included in the breach? Names, addresses, phone numbers, and birthdates. What the breach did NOT include, thankfully, were PINs, banking information, or social security numbers.
According to the SEC filing, T-Mobile says that "there is currently no evidence that the bad actor was able to breach or compromise our systems or our network."
The filing goes on to address the $150 million investment from 2021.
"As we have previously disclosed," they write, "in 2021, we commenced a substantial multi-year investment working with leading external cybersecurity experts to enhance our cybersecurity capabilities and transform our approach to cybersecurity. We have made substantial progress to date, and protecting our customers’ data remains a top priority. We will continue to make substantial investments to strengthen our cybersecurity program."