IMPORTANT NOTICE

What happened

After a thorough investigation, we determined that a bad actor used a single Application Programming Interface (or API) to obtain limited types of information on a number of customer accounts on or around November 25, 2022 through January 5, 2023.

Our systems and policies prevented the most sensitive types of customer information from being accessed. Customer accounts and finances are not directly at risk by this event.

There is no evidence that the bad actor breached or compromised
T-Mobile's network or systems.

T-Mobile discovered the unauthorized activity on January 5, 2023. As soon as we identified the issue, we shut it down within 24 hours and an intensive investigation into the incident began.

Information involved

Passwords, SSNs, Tax ID, call/text records and payment methods and usage or call records were NOT accessed, but other information like business name, phone numbers, # of lines, contact details may have been obtained.

NO unauthorized account changes or charges or other fraudulent activity
has been detected that is connected to this event.

What We are Doing

While customer accounts or finances are not put directly at risk from this event, we are informing you to ensure you are aware.

• T-Mobile customers will receive notice in their monthly statement and via their online account.
• Where we are unable to notify you on your online account, a direct mail will be sent to your address of record.

We also continue efforts to enhance our cybersecurity program to protect your data, including continuing to make substantial, multi-year investments in strengthening our cybersecurity program.