(CNN) — T-Mobile reported that an “evil agent” accessed the personal data of 37 million existing customers in a data breach in November.
In a regulatory filing on Thursday, the company said the hacker stole customer data including names, billing addresses, emails, phone numbers, dates of birth, T-Mobile account numbers and information describing the type of service they have with the wireless carrier. T-Mobile said no social security numbers, credit card information, government identification numbers, passwords, PINs or financial information were exposed in the attack.
However, that information can be compiled with other stolen or publicly available information and used by scammers to steal people’s identities or money. T-Mobile said it works with law enforcement and has begun notifying customers whose information may have been breached.
The wireless service provider did not indicate what it could do to remedy the situation. He said it could be hard-pressed for “significant expenses” due to the attack, though the company said it doesn’t expect the charges to have a material effect on T-Mobile’s results.
After T-Mobile learned of the data breach, the company said it hired an outside cybersecurity team to investigate. T-Mobile was able to discover the source of the breach and stop it one day after the attack was discovered. The company says it is continuing to investigate the data breach, but believes it is “fully contained.” He also noted that T-Mobile’s systems and network do not appear to have been hacked.
“Protecting our customers’ data is a top priority,” T-Mobile said in a statement. “We will continue to make substantial investments to strengthen our cybersecurity program.”
The company noted that it began a “substantial multi-year investment” in 2021 to improve its cybersecurity capabilities and protections.