T-Mobile confirms it was hit by a data breach

The US operator has not yet determined if there is any personal customer data involved

UPDATE: T-Mobile has confirmed that data belonging to the company may have been “illegally accessed”.

“We have determined that unauthorized access to some T-Mobile data occurred, however we have not yet determined that there is any personal customer data involved,” the company said in a statement to IT Pro. “We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed.”

T-Mobile added that the investigation will “take some time” but it is working with the “highest degree of urgency”.

“Until we have completed this assessment we cannot confirm the reported number of records affected or the validity of statements made by others,” it said.

The company also said that once it has a more complete and verified understanding of what occurred, it will then communicate with its customers and stakeholders.

16/08/21: T-Mobile has launched an investigation into a claim on an online forum which suggests that the personal data from over 100 million users have been breached.

The forum post doesn’t explicitly mention the company, but the seller told Motherboard they have obtained data related to over 100 million people and that this data came from T-Mobile servers.

The data reportedly contains social security numbers, driver license information, phone numbers, physical addresses, and unique IMEI numbers. Motherboard saw samples of the data and confirmed they contained accurate information on T-Mobile customers.

On the forum, the seller is asking for six Bitcoin, which is approximately $270,000, for a subset of the data which contains 30 million social security numbers and driver licenses.

"I think they already found out because we lost access to the backdoored servers," the seller told Motherboard, referring to T-Mobile's potential response to the breach.

Despite this, the seller said they had already downloaded the data locally and it is backed up in multiple places.

"We are aware of claims made in an underground forum and have been actively investigating their validity,” T-Mobile said in a statement to IT Pro. “We do not have any additional information to share at this time."

Related Resource

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Five essentials from your endpoint security partner - title against a background of blue circles - whitepaper from MalwarebytesDownload now

Ilia Kolochenko, Founder of ImmuniWeb and a member of Europol Data Protection Experts Network, said that the price for the records is "very cheap", at just 1 cent per victim. He said the data could be exploited to conduct targeted mobile attacks, social engineering, sophisticated phishing campaigns, or financial fraud.

"From a legal viewpoint, if the information about the breach is confirmed, T-Mobile may face an avalanche of individual and class action lawsuits from the victims, as well as protracted investigations and serious monetary penalties from the states where the victims are based," he said, adding that it would be premature to make a conclusion before T-Mobile makes an official statement on the quantity and nature of the stolen data.

In January this year, T-Mobile suffered a data breach affecting information government agencies considered to be highly sensitive. It affected around 200,000 customers and contained information such as customer phone numbers and the number of lines subscribed to on their account.

Featured Resources

The definitive guide to warehouse efficiency

Get your free guide to creating efficiencies in the warehouse

Free download

The total economic impact™ of Datto

Cost savings and business benefits of using Datto Integrated Solutions

Download now

Three-step guide to modern customer experience

Support the critical role CX plays in your business

Free download

Ransomware report

The global state of the channel

Download now

Recommended

Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021
ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021

Most Popular

What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
Google takes down map showing homes of 111,000 Guntrader customers
data breaches

Google takes down map showing homes of 111,000 Guntrader customers

2 Sep 2021
Intuit plans end-to-end SMB platform after $12 billion Mailchimp acquisition
mergers and acquisitions

Intuit plans end-to-end SMB platform after $12 billion Mailchimp acquisition

14 Sep 2021