What happened

After a thorough investigation, we determined that a bad actor used a single Application Programming Interface (or API) to obtain limited types of information on a number of customer accounts on or around November 25, 2022 through January 5, 2023.

Our systems and policies prevented the most sensitive types of customer information from being accessed. Customer accounts and finances are not directly at risk by this event.

There is no evidence that the bad actor breached or compromised
T-Mobile's network or systems.

T-Mobile discovered the unauthorized activity on January 5, 2023. As soon as we identified the issue, we shut it down within 24 hours and an intensive investigation into the incident began.

Information involved

Passwords, SSNs, Tax ID, call/text records and payment methods and usage or call records were NOT accessed, but other information like phone numbers, # of lines, account contact details may have been obtained.

NO unauthorized account changes or charges or other fraudulent activity
has been detected that is connected to this event.

 

 

 

 

 

 

 

 

What We are Doing

While customer accounts or finances are not put directly at risk from this event, we are informing you to ensure you are aware.

  • T-Mobile customers will receive notice in their monthly statement and via their online account.
  • Where we are unable to notify you on your online account, a direct mail will be sent to your address of record.

We also continue efforts to enhance our cybersecurity program to protect your data, including continuing to make substantial, multi-year investments in strengthening our cybersecurity program.

 

 

 

Safeguards

The significant investments we’ve made in enhancing our cybersecurity systems and processes over the past 18 months, including partnering with third party experts, worked as designed to protect against access to highly sensitive information. While no social security numbers, passwords, PINs, payment card information or other financial account information were exposed, we encourage all T-Mobile customers to regularly take steps to keep their accounts secure including being mindful of phishing attempts. Additional tips are available at t-mobile.com/onlinesafety.

More information about monitoring your credit report.

Experian®

P.O. Box 9554

Allen, TX 75013

https://www.experian.com/fraud/center.html

1-888-397-3742

TransUnion®

P.O Box 2000

Chester, PA 19016

https://www.transunion.com/fraud-alerts

1-800-680-7289

 

Contact your T-Mobile Account Executive, Dedicated Expert or our Team of Care Experts at 1-800-375-1126.