Okay, I should have led with this, from their 8k. My translation follows.

"As we have previously disclosed, in 2021, we commenced a substantial multi-year investment working with leading external cybersecurity experts to enhance our cybersecurity capabilities and transform our approach to cybersecurity. We have made substantial progress to date, and protecting our customers’ data remains a top priority. We will continue to make substantial investments to strengthen our cybersecurity program."

Didn't we say this was going to take a long time? Sheesh.

"We may incur significant expenses in connection with this incident."

We might have to pay some small percentage of customers who go through all the trouble of filing a claim to claim a measly few bucks. But in no way will this figure come close to a significant fraction of what we earn in a quarter.

"Although we are unable to predict the full impact of this incident on customer behavior in the future, including whether a change in our customers’ behavior could negatively impact our results of operations on an ongoing basis, we presently do not expect that it will have a material effect on the Company’s operations."

This is probably the only true statement in the 8k.

..aaaaand here's my take on it.

https://krebsonsecurity.com/2023/01/new-t-mobile-breach-affects-37-million-accounts/

Thank you @hackdefendr for the excellent image.

@briankrebs @hackdefendr >The company said it first learned of the incident on Jan. 5, 2022, and that an investigation determined the bad actor started abusing the API beginning around Nov. 25, 2022.

Do you mean Jan 5 2023?