T-Mobile has confirmed that it has indeed suffered a data breach, with around 100 million customers from its user base being affected. The company had earlier said that it was investigating the claims made by a hacker on an underground forum, which had first been reported by Motherboard. In a post on the platform, the hacker had offered to sell a subset of the data containing some 30 million entries. The information has been said to contain sensitive data, including Social Security Numbers, IMEI, and even physical addresses.
Following the post, T-Mobile had first informed media outlets that it couldn’t share any additional information on the breach. It later updated its statement, confirming the breach. However, it added that it couldn’t, as yet, pinpoint whether or not customer data had been affected. At the same time, the company asserts that the data access point which had been used to steal the information has been closed off. The investigation is still ongoing, but T-Mobile says that it is treating it with the “highest degree of urgency.”
The firm has become the target of many data breach attempts in the past years. Back in 2018, a similar data breach was unveiled, when customer’s phone numbers and email addresses were thought to have been compromised.
Then, in 2019, customer’s personal data, which included a bounty of information, from names and phone numbers, to account numbers, billing addresses, and wireless plans, were breached in what was, in the firm’s own words, a “criminal hack.” Other hacks were also reported last year, but were not found to be of much consequence.
Unauthorized Access, But No Ransom Demand
This time around, the breach came to light after a hacker who goes by the name “Subvirt” made a post on underground hacking forum Raid Forums, claiming that they had gotten their hands on data from around 100 million T-Mobile users. The firm has since confirmed the security breach, saying that “unauthorized access to some T-Mobile data occurred.”
Interestingly, the hacker has just put the data up for sale (payment for which is being demanded in the form of Bitcoin), and doesn’t seem to be demanding any sort of ransom. At the same time, commenting on how they were no longer able to access the breached data (possibly because T-Mobile has shut off the route), the perpetrator also says that they have already downloaded the stolen data and made copies of the same, to prevent such a situation from thwarting their plans.