T-Mobile has confirmed a data breach that exposed personal information from over 100 million of its US customers.
Yesterday the company announced it launched an investigation into a possible data breach after a threat actor published a post on a forum claiming to be selling the personal data of its customers.
The news was reported by Motherboard which pointed out that even if the post doesn’t mention T-Mobile, the seller told it that it has obtained personal data for more than 100 million T-Mobile customers.
The seller told Motherboard that the data was obtained by compromising multiple servers related to T-Mobile.
The seller claims that the data available for sale includes social security numbers, phone numbers, names, physical addresses, unique IMEI numbers, and driver licenses information.
Motherboard has obtained samples of the data available for sale and confirmed they contained information on T-Mobile customers.
Now T-Mobile confirmed that security breach, but added that it is not able at the time of this publishing to determine the exact number of impacted customers. The company has started a “deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed.”
“We have been working around the clock to investigate claims being made that T-Mobile data may have been illegally accessed.” states an incident update published by the company. “We have determined that unauthorized access to some T-Mobile data occurred, however we have not yet determined that there is any personal customer data involved. We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed.”
The company added that it has identified the way threat actors have stolen its customers’ data and secured its systems.
T-Mobile notified law enforcement and is investigating the data breach with the help of digital forensic experts.
Bleeping Computer reported that the seller is asking for 6 bitcoin (around $270,000) for 30 million social security numbers and driver licenses, while they are privately selling the remaining data.
“This investigation will take some time but we are working with the highest degree of urgency. Until we have completed this assessment we cannot confirm the reported number of records affected or the validity of statements made by others.” concludes the incident update. “We understand that customers will have questions and concerns, and resolving those is critically important to us. Once we have a more complete and verified understanding of what occurred, we will proactively communicate with our customers and other stakeholders.”
In March 2020, the wireless carrier was a victim of a sophisticated cyber attack that targeted its email vendor.A data breach notification published by the telecommunications giant on its website revealed that the security breach impacted both employees and customers.
In November 2019, the US branch of the telecommunications giant disclosed another security breach that according to the company impacted a small number of customers of its prepaid service.
(SecurityAffairs – hacking, data breach)