U.S. wi-fi provider T-Mobile mentioned Thursday that an unidentified malicious intruder breached its community in late November and stole knowledge on 37 million clients, together with addresses, cellphone numbers and dates of beginning.

Michael Dwyer/AP

disguise caption

toggle caption

Michael Dwyer/AP

U.S. wi-fi provider T-Mobile mentioned Thursday that an unidentified malicious intruder breached its community in late November and stole knowledge on 37 million clients, together with addresses, cellphone numbers and dates of beginning.

Michael Dwyer/AP

BOSTON — The U.S. wi-fi provider T-Mobile mentioned Thursday that an unidentified malicious intruder breached its community in late November and stole knowledge on 37 million clients, together with addresses, cellphone numbers and dates of beginning.

T-Mobile mentioned in a submitting with the U.S. Securities and Exchange Commission that the breach was found Jan. 5. It mentioned the information uncovered to theft — based mostly on its investigation thus far — didn’t embrace passwords or PINs, checking account or bank card data, Social Security numbers or different authorities IDs.

“Our investigation is still ongoing, but the malicious activity appears to be fully contained at this time,” T-Mobile mentioned, with no proof the intruder was in a position to breach the corporate’s community. It mentioned the information was first accessed on or round Nov. 25.

T-Mobile mentioned it has notified regulation enforcement and federal companies, which it didn’t title. It didn’t instantly reply to an e-mail searching for remark.

The firm has been hacked a number of occasions in recent times. In its submitting, T-Mobile mentioned it didn’t count on the newest breach to have materials influence on its operations. But a senior analyst for Moody’s Investors Service, Neil Mack, mentioned in an announcement that the breach raises questions on administration’s cyber governance and will alienate clients and appeal to scrutiny by the Federal Communications Commission and different regulators.

“While these cybersecurity breaches may not be systemic in nature, their frequency of occurrence at T-Mobile is an alarming outlier relative to telecom peers,” Mack mentioned.

In July, T-Mobile agreed to pay $350 million to clients who filed a category motion lawsuit after the corporate disclosed in August 2021 that private knowledge together with Social Security numbers and driver’s license data had been stolen. Nearly 80 million U.S. residents have been affected.

It additionally mentioned on the time that it might spend $150 million by 2023 to fortify its knowledge safety and different applied sciences.

Prior to the August 2021 intrusion, the corporate disclosed breaches in January 2021, November 2019 and August 2018 by which buyer data was accessed.

T-Mobile, based mostly in Bellevue, Washington, grew to become one of many nation’s largest cellphone service carriers in 2020 after shopping for rival Sprint. It reported having greater than 102 million clients after the merger.