World

T-Mobile is Investigating Report of Customer Data Breach

T-Mobile confirmed Sunday that it’s looking into an online forum post that claims to be selling a large trove of its customers’ sensitive data. Motherboard reported that it was in contact with the seller of the data, who said they had taken data from T-Mobile’s servers that included Social Security numbers, names, addresses, and driver license information related to more than 100 million people.

A T-Mobile spokesperson said in an email to The Verge, “We are aware of claims made in an underground forum and have been actively investigating their validity. We do not have any additional information to share at this time.”

The data includes social security numbers, phone numbers, names, physical addresses, unique IMEI numbers, and driver’s licenses information, the seller said. The motherboard has seen samples of the data and confirmed they contained accurate information on T-Mobile customers.

“T-Mobile USA. Full customer info… I think they already found out because we lost access to the backdoored servers,” the seller told Motherboard in an online chat. The seller said they compromised multiple servers related to T-Mobile. They said that although it appears T-Mobile has since kicked them out of the hacked servers, the seller had already downloaded the data locally. “It’s backed up in multiple places,” they said.

It’s not clear when the data may have been accessed, but T-Mobile has been the target of several data breaches in the last few years, most recently in December 2020. During that incident, call-related information and phone numbers for some of its customers may have been exposed, but the company said at the time that it did not include more sensitive info such as names or Social Security numbers.

In March 2020 breach exposed some T-Mobile customers’ financial information, Social Security numbers, and other account information. In 2018, hackers accessed personal information for roughly 2 million T-Mobile customers that included names, addresses, and account numbers, and in 2019, some of T-Mobile’s prepaid customers were affected by a breach that also accessed names, addresses, and account numbers.

In the Motherboard online forum, the hacker is asking for 6 bitcoin or $270,000 for a subset of the data containing 30 million social security numbers and driver licenses, while the rest of the data is being sold privately, according to the Vice report.

T-Mobile said in a statement to Motherboard that “We are aware of claims made in an underground forum and have been actively investigating their validity. We do not have any additional information to share at this time.” T-Mobile repeatedly declined to answer follow-up questions about the scale of the breach.

LEAVE A RESPONSE

Your email address will not be published. Required fields are marked *