T-Mobile, the third latest mobile operator in the United States, said it started investigating a cyber security incident and data breach involving 37 million postpaid and prepaid accounts.

T-Mobile said that it expected to incur significant costs related to the second cyber security incident.

Last year, Bellevue, Washington-based T-Mobile agreed to pay $350 million and spend an additional $150 million to upgrade data security to settle litigation over a cyberattack in 2021 that compromised information belonging to an estimated 76.6 million people, Reuters news report said.

T-Mobile identified malicious activity on Jan. 5 and contained it within a day. T-Mobile revealed that no sensitive data such as financial information was compromised.

However, some basic customer information was obtained, such as name, billing address, email and phone number, T-Mobile said.

“Our investigation is still ongoing, but the malicious activity appears to be fully contained at this time, and there is currently no evidence that the bad actor was able to breach or compromise our systems or our network,” T-Mobile said.

T-Mobile, which has over 110 million subscribers, has begun notifying impacted customers.

The U.S. Federal Communications Commission (FCC) has opened an investigation into the company’s data breach incident, the Wall Street Journal reported.