Data breaches are becoming increasingly common among our regularly used online services, but companies like LastPass and T-Mobile appear to be more impacted than others with repeated attacks. It hasn’t even been two years since its last major breach involving tens of millions of customers, T-Mobile has sustained another hack in 2023 that is believed to be of a similar magnitude.

T-Mobile announced that it is investigating a data breach where a bad actor exploited an API to gain access to its servers and was able to successfully steal user data. According to the Wall Street Journal, the FCC is separately investigating this attack but neither the FCC nor T-Mobile have publicly confirmed that's the case. Reuters notes that the breach happened on January 5th, and the telco was able to fend the attackers off within 24 hours. But the hackers still managed to steal the data of about 37 million customers.

The data that got into the intruder's hands includes plenty of personally identifiable details like name, physical address, email, phone number, date of birth, and T-Mobile account particulars. Thankfully, they couldn’t access more sensitive information like any financial data, government IDs (including social security numbers), passwords, and payment details.

While T-Mobile is trying to downplay the impact of this breach in its official statement, the leaked data could be easily used against the affected users once it reaches spammers and anyone with malicious intent. The company seems to have learned very little since its last breach that compromised much more sensitive data of its 40 million subscribers.

There isn't much you can do on your own to keep your data safe from such highly sophisticated break-ins targeting large corporations. However, you can still protect your online accounts to a large extent with strong passwords generated using one of the top password managers and adding 2FA as the second layer of security.