In August 2021, mobile carrier T-Mobile reported that it had fallen victim to a hack that compromised the private data of over 54 million of its customers. One consequence of the incident was that the carrier announced a multi-year collaboration with Mandiant, a cybersecurity firm. The company's chief executive, Mike Sievert, said in a statement at the time that the firm, along with accounting agency KPMG, would help T-Mobile audit its security practices and adopt policies to curb future cybersecurity breaches.
Court documents filed by the Department of Justice were recently discovered. They indicate that the carrier may have hired a third-party organisation to stop the wider circulation of the leaked data. The authorities concerned noted that the documents include criminal charges against Diogo Santos Coelho, allegedly the founder and administrator of RaidForums. The website was a venue where hackers came to buy and sell stolen data, which probably also included T-Mobile's personal customer data, until the Justice Department took it down.
The documents describe an instance involving an individual referred to by the alias ‘SubVirt.’ On August 11, 2021, they posted to RaidForums in an attempt to sell a stockpile of recently hacked data. The Justice Department did not directly name a victim of this incident, referring to them mainly as ‘Company 3.’ However, it was confirmed in a later post that the data belonged to a major telecommunications firm and wireless operator providing services in the US.
According to the agency, Company 3 “hired a third-party to purchase exclusive access to the database to prevent it being sold to criminals.”
Reportedly, an employee pretended to be a potential buyer and paid around $50,000 in Bitcoin to acquire a sample of the leaked information. Subsequently, they paid $150,000 more for the whole database with the understanding that SubVirt would delete their copy. However, SubVirt and their partners did not fulfil the agreement, to Company 3’s disadvantage. The Justice Department stated that the “co-conspirators” apparently went on to try to sell the databases after the purchase by the third party.
The first few reports on the incident and the discovered documents made a few things clear. They suggest that T-Mobile is the unnamed carrier essentially implied by the Department of Justice.