U.S. wireless carrier T-Mobile (TMUS.O) said on Thursday it was investigating a data breach involving 37 million postpaid and prepaid accounts and that it expected to incur significant costs related to the incident.
The company said it identified malicious activity on Jan. 5 and contained it within a day, adding that no sensitive data such as financial information was compromised.
However, some basic customer information was obtained, such as name, billing address, email and phone number, T-Mobile said.
"Our investigation is still ongoing, but the malicious activity appears to be fully contained at this time, and there is currently no evidence that the bad actor was able to breach or compromise our systems or our network," the company said, adding it had begun notifying impacted customers.
The U.S. Federal Communications Commission (FCC) has also opened an investigation into the company's data breach incident, the Wall Street Journal reported on Thursday, citing an FCC spokesperson.
FCC and T-Mobile did not immediately respond to Reuters' requests for comment on the reported investigation.
Shares in the company fell 2% in after-hours trade.
Last year, Bellevue, Washington-based T-Mobile agreed to pay $350 million and spend an additional $150 million to upgrade data security to settle litigation over a cyberattack in 2021 that compromised information belonging to an estimated 76.6 million people.
T-Mobile has over 110 million subscribers, making it the third-largest wireless carrier in the United States.