IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

T-Mobile confirms it was hit by a data breach

The US operator has not yet determined if there is any personal customer data involved

UPDATE: T-Mobile has confirmed that data belonging to the company may have been “illegally accessed”.

“We have determined that unauthorized access to some T-Mobile data occurred, however we have not yet determined that there is any personal customer data involved,” the company said in a statement to IT Pro. “We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed.”

T-Mobile added that the investigation will “take some time” but it is working with the “highest degree of urgency”.

“Until we have completed this assessment we cannot confirm the reported number of records affected or the validity of statements made by others,” it said.

The company also said that once it has a more complete and verified understanding of what occurred, it will then communicate with its customers and stakeholders.

16/08/21: T-Mobile has launched an investigation into a claim on an online forum which suggests that the personal data from over 100 million users have been breached.

The forum post doesn’t explicitly mention the company, but the seller told Motherboard they have obtained data related to over 100 million people and that this data came from T-Mobile servers.

The data reportedly contains social security numbers, driver license information, phone numbers, physical addresses, and unique IMEI numbers. Motherboard saw samples of the data and confirmed they contained accurate information on T-Mobile customers.

On the forum, the seller is asking for six Bitcoin, which is approximately $270,000, for a subset of the data which contains 30 million social security numbers and driver licenses.

"I think they already found out because we lost access to the backdoored servers," the seller told Motherboard, referring to T-Mobile's potential response to the breach.

Despite this, the seller said they had already downloaded the data locally and it is backed up in multiple places.

"We are aware of claims made in an underground forum and have been actively investigating their validity,” T-Mobile said in a statement to IT Pro. “We do not have any additional information to share at this time."

Related Resource

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Five essentials from your endpoint security partner - title against a background of blue circles - whitepaper from MalwarebytesDownload now

Ilia Kolochenko, Founder of ImmuniWeb and a member of Europol Data Protection Experts Network, said that the price for the records is "very cheap", at just 1 cent per victim. He said the data could be exploited to conduct targeted mobile attacks, social engineering, sophisticated phishing campaigns, or financial fraud.

"From a legal viewpoint, if the information about the breach is confirmed, T-Mobile may face an avalanche of individual and class action lawsuits from the victims, as well as protracted investigations and serious monetary penalties from the states where the victims are based," he said, adding that it would be premature to make a conclusion before T-Mobile makes an official statement on the quantity and nature of the stolen data.

In January this year, T-Mobile suffered a data breach affecting information government agencies considered to be highly sensitive. It affected around 200,000 customers and contained information such as customer phone numbers and the number of lines subscribed to on their account.

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Recommended

Rugged servers market to hit $945 million by 2032
Hardware

Rugged servers market to hit $945 million by 2032

30 May 2022

Most Popular

Cyber attack on software supplier causes "major outage" across the NHS
cyber attacks

Cyber attack on software supplier causes "major outage" across the NHS

8 Aug 2022
Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022