T-Mobile US Inc. suffered a cyberattack that exposed some personal information belonging to 37 million customers, but not “the most sensitive” kinds, the wireless giant said Thursday. The attack occurred through a breach of an application programming interface that T-Mobile
discovered Jan. 5, according to a Thursday filing with the Securities and Exchange Commission. The API provided access to “a limited set” of account data including names, billing addresses, email addresses, phone numbers, birthdays and account numbers, as well as some information about the types of plans customers are on.
“Our systems and policies prevented the most sensitive types of customer information from being accessed, and as a result, based on our investigation to date, customer accounts and finances were not put at risk directly by this event,” T-Mobile said in the filing. The company also noted that it doesn’t have any evidence of a breach of its systems or network. Though the company identified 37 million current postpaid and prepaid customer accounts whose data were accessed, it noted that “many of these accounts did not include the full data set.” After discovering the malicious a …