T-Mobile suffered another data breach that may have affected up to 37 million customers, regulatory filings reveal.

The U.S. cellular company first discovered that hackers had infiltrated its systems on January 5 of this year. In a press release (opens in new tab), T-Mobile explains that access to the system was shut down within 24 hours, during which time the hackers behind the attack managed to obtain a large amount of customers' personal data.

However, as reported by the Wall Street Journal (opens in new tab), the company believes that hackers may have had access to its systems since November 25 of last year; T-Mobile is not only conducting an internal investigation, but also working with law enforcement and cybersecurity consultants to determine how the hackers were able to access the company's systems.

It found that "malicious actors were using a single application programming interface (or API) to obtain limited types of information from customer accounts." Fortunately, T-Mobile's systems and policies "prevented access to the most sensitive types of customer information," but a substantial amount of customer data was exposed as a result of the breach.

According to T-Mobile, the hackers involved in the company's second major data breach may have accessed customer names, billing addresses, emails, phone numbers, dates of birth, and account numbers, but may also have accessed account line numbers and plan features.

No passwords, payment information, Social Security numbers, government ID numbers, or other financial account information was compromised as a result of the data breach.

In a statement on the matter, T-Mobile tried to downplay the breach, saying that the customer information obtained is "widely available in marketing databases and directories," but it is still a major problem and the company faces regulatory scrutiny and possibly fines The company could face regulatory scrutiny and possibly fines. If this information falls into the hands of hackers, T-Mobile's customers are more likely to fall victim to phishing attacks and identity theft.

T-Mobile has pledged to make "substantial, multi-year investments" to strengthen its cybersecurity program, but has not yet gone so far as to offer the best identity theft protection services free of charge to affected customers. However, this could change, especially if there is a lot of pushback regarding information theft.

While you can install the best antivirus software on your computer to protect yourself from malware and other cyber attacks, there is not much you can really do if the company you do business with is the victim of a data breach. Since your login information was not compromised, changing your password will not do much, but if you are not using a strong, complex, and unique password to protect your T-Mobile account, it may be worth changing it.

However, if you are particularly vigilant, you may still want to consider investing in identity theft protection, since many of the companies that offer these services include dark web scans that can find out if your personal information is already in the hands of hackers You may still want to consider investing in identity theft protection. See our roundup of the best identity theft protection services based on our testing.

In this case, we will have to wait and see how T-Mobile responds. For example, thousands of PayPal customers recently fell victim to a credential-stuffing attack, and even though the company was not at fault, it offered free identity monitoring for two years.