Recently T-Mobile has launched an investigation into a possible security breach after a threat actor started offering for sale 100 million T-Mobile customer records on the dark web.
Bleeping Computer reported that the seller was asking for 6 bitcoin (around $270,000) for 30 million social security numbers and driver licenses, while privately selling the remaining data.
Yesterday T-Mobile confirmed a data breach but announced that it was still investigating the extent of the security breach. The company announced to have started a “deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed.” The carrier notified law enforcement and is investigating the data breach with the help of digital forensic experts.
Stolen records included names, dates of birth, phone numbers, addresses, social security numbers, and driver’s license information.
The company also identified the issue exploited by attackers to access its infrastructure and addressed it.
Now the company provides additional info about the intrusion, it confirmed that some of the stolen files did include personal information and that financial data was not compromised.
The preliminary analysis revealed that the intrusion impacted roughly 7.8 million current postpaid customer accounts, as well as more than 40 million records of former and prospective customers. The attackers also compromised approximately 850,000 active prepaid customers.
“Our preliminary analysis is that approximately 7.8 million current T-Mobile postpaid customer accounts’ information appears to be contained in the stolen files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile. Importantly, no phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of these files of customers or prospective customers.” reads the update provided by the carrier. “We have also confirmed that there was some additional information from inactive prepaid accounts accessed through prepaid billing files. No customer financial information, credit card information, debit or other payment information or SSN was in this inactive file,”
The carrier announced that it will offer two years of free identity protection services to impacted customers and in response to the incident it has reset the PINs of impacted prepaid accounts.
The company added that names and PINs of Metro by T-Mobile or Boost customers were not compromised.
In March 2020, the wireless carrier was a victim of a sophisticated cyber attack that targeted its email vendor.A data breach notification published by the telecommunications giant on its website revealed that the security breach impacted both employees and customers.
In November 2019, the US branch of the telecommunications giant disclosed another security breach that according to the company impacted a small number of customers of its prepaid service.
(SecurityAffairs – hacking, data breach)