The mobile operator said hackers had compromised data for 7.8mn postpaid customers, 850,000 prepaid customers, and 40mn records for former or prospective customers.
An underground forum was used to advertise the sale of personal data that hackers claim to have stolen from T-Mobile servers.
Academics from Princeton found more than half the numbers they obtained could be linked to personal data about former users.
T-Mobile USA will pay the FCC’s largest fixed-amount civil penalty as redress for Sprint wrongly claiming Lifeline payments.
The FCC said a cascade of failures would have been prevented if T-Mobile USA had periodically audited the diversity of their networks.
Princeton academics tested how little information was needed to persuade five US mobile telcos to execute a SIM swap.
T-Mobile US, Comcast and Inteliquent say they have achieved a global first by using a digital signature to validate the origin of a call routed across three networks.
Though no financial data was compromised, there will be an increased risk of account takeovers.
North Carolina Attorney General Josh Stein has persuaded the bulk of US telephony providers to adopt eight principles for stopping nuisance robocalls.
The telco is being sued for not blocking threatening calls where the originating number was shown as ‘0000’.