Lowey Dannenberg is investigating claims for violations of the common law and state consumer protection statutes by T-Mobile US, Inc. and T-Mobile USA, Inc. (“T-Mobile”), as a result of a data breach involving sensitive customer account data affecting approximately 37 million accounts.

If you received a notice letter or email from T-Mobile, wish to participate, learn more, or discuss the issues surrounding the investigation please fill out the contact form below or please contact one of our attorneys at (215) 399-4782, or via email at investigations@lowey.com.

What Happened and What Information Was Involved:

T-Mobile is the second largest wireless carrier in the United States, with over 100 million current subscribers.

T-Mobile recently announced that on January 5, 2023, T-Mobile identified that a “bad actor” had obtained data through T-Mobile’s single Application Programming Interface (“API”) without authorization. T-Mobile’s investigation indicated the “bad actor” obtained data from this API for approximately 37 million current postpaid and prepaid customer accounts. According to T-Mobile, the impacted API provided customer account data, including:

• Name,
• Billing address,
• Email,
• Phone number,
• Date of birth,
• T-Mobile account number, and
• Information such as the number of lines on the account and plan features.