IMPORTANT NOTICE

After a thorough investigation, T-Mobile determined that a bad actor used a single Application Programming Interface (or API) to obtain limited types of information on a number of customer accounts.

What happened:

After a thorough investigation, we determined that a bad actor used a single Application Programming Interface (or API) to obtain limited types of information on a number of customer accounts on or around November 25, 2022 through January 5, 2023.

Our systems and policies prevented the most sensitive types of customer information from being accessed. Customer accounts and finances are not directly at risk from this event.

There is no evidence that the bad actor breached or compromised T-Mobile’s network or systems.

T-Mobile discovered the unauthorized activity on January 5, 2023. As soon as we identified the issue, we shut it down within 24 hours and an intensive investigation into the incident began.

Information involved:

The information obtained for each customer varies and may include full names, dates of birth, phone numbers, billing addresses, email addresses, and account and line information (such as billing account numbers, codes for rate plans and features, and number of lines on the account).

Passwords, SSNs and payment methods and usage or call records were NOT affected. NO unauthorized account changes or charges or other fraudulent activity has been detected that is connected to this event.

What we’re doing:

While customer accounts or finances are not directly at risk from this event, we are informing you to ensure you are aware.

  • T-Mobile customers will receive notice in their monthly statement and via their online account.
  • Metro by T-Mobile and Assurance customers will receive notice via SMS or email, depending on available contact information.

We also continue efforts to enhance our cybersecurity program to protect your data, including continuing to make substantial, multi-year investments in strengthening our cybersecurity program.

Safeguards

The significant investments we’ve made in enhancing our cybersecurity systems and processes over the past 18 months, including partnering with third party experts, worked as designed to protect against access to highly sensitive information. While no social security numbers, passwords, PINs, payment card information or other financial account information were exposed, we encourage all T-Mobile customers to regularly take steps to keep their accounts secure including being mindful of phishing attempts. Additional tips are available at t-mobile.com/onlinesafety.

Additional Information

Experian®

P.O. Box 9554 Allen, TX 75013

https://www.experian.com/fraud/
center.html

1-888-397-3742

Equifax®

P.O. Box 740256 Atlanta, GA 30374

https://www.alerts.equifax.com/

1-800-525-6285

TransUnion®

P.O Box 2000 Chester, PA 19016

https://www.transunion.com/fraud-alerts

1-800-680-7289

Contact T-Mobile at 611 from your phone or at 1-800-937-8997