Telecom player T-Mobile US has suffered a cybersecurity incident that resulted in the exposure of the personal details of 37 million users, the company reported in a\u00a0filing\u00a0to the US Securities and Exchange Commission on Thursday.\u00a0Customer data such as customer name, billing address, email, phone number, date of birth, T-Mobile account number and information such as the number of lines on the account and plan features were exposed, the company revealed.\u00a0However, T-Mobile in a statement\u00a0insisted that customer payment card information (PCI), social security numbers\/tax IDs, driver\u2019s license or other government ID numbers, passwords\/PINs, or other financial account information were not exposed.\u00a0Data obtained through a single API\u00a0T-Mobile said it found that a bad actor had obtained data through a single application programming interface (API) without authorization on January 5. However, the company said the bad actor first retrieved data through the impacted API starting on or around November 25, 2022.\u00a0There was an investigation conducted by external cybersecurity experts and within a day of identifying the malicious activity, the source was traced, and the activity was stopped.\u00a0\u201cOur investigation is still ongoing, but the malicious activity appears to be fully contained at this time, and there is currently no evidence that the bad actor was able to breach or compromise our systems or our network,\u201d T-Mobile said.\u00a0The company said it has notified certain federal agencies about the incident and is concurrently working with law enforcement. \u201cAdditionally, we have begun notifying customers whose information may have been obtained by the bad actor in accordance with applicable state and federal requirements,\u201d it said.\u00a0T-Mobile said it may incur significant expenses in connection with this incident. However, it is still unable to predict the full impact of the incident on customer behavior in the future, \u201cincluding whether a change in our customers\u2019 behavior could negatively impact our results of operations on an ongoing basis, we presently do not expect that it will have a material effect on the company\u2019s operations.\u201d\u00a0In 2021, the telco commenced a substantial multi-year investment working with leading external cybersecurity experts to enhance its cybersecurity capabilities and transform its approach to cybersecurity. \u201cWe have made substantial progress to date and protecting our customers\u2019 data remains a top priority. We will continue to make substantial investments to strengthen our cybersecurity program,\u201d T-Mobile added.\u00a0Not the first security breach at T-MobileThis is not the first major cybersecurity incident on T-Mobile. T-Mobile has suffered 7 more large breaches since 2018. In\u00a0August 2018, the company said that 3% of its customer data was leaked. An attacker was exfiltrating personal data such as customer names, billing ZIP codes, phone numbers, email addresses, account numbers, and account types (prepaid or postpaid).In 2019, November,\u00a0the company disclosed that the account information of an undisclosed number of prepaid customers was accessed by an unauthorized third party.\u00a0In March 2020,\u00a0T-Mobile announced a data breach caused by an email vendor being hacked that exposed the personal and financial information of some of its customers. In the same year in\u00a0December, the company suffered another breach that exposed customers\u2019 proprietary network information (CPNI), including phone numbers and call records.T-Mobile again disclosed a data breach after an unknown number of customers were affected by SIM swap attacks in\u00a0February 2021. The telecommunications giant had warned that information including names, dates of birth, US Social Security numbers (SSNs), and driver\u2019s license\/ID of some 77 million individuals comprising current, former, or prospective customers had been exposed via a\u00a0data breach in August 2021.\u00a0However, its ordeal didn\u2019t end with this. In another incident in April 2022,\u00a0Lapsus$, a hacker group, was able to gain access to the company\u2019s internal tools, which gave them the chance to carry out\u00a0SIM swaps.Eventually, in July 2022, T-Mobile was forced to pay $350 million to customers affected by the August 2021 breach, as a part of a settlement, and agreed to invest $150 million to upgrade its cybersecurity through 2023.