T-Mobile Data Breach: Customer Data Hacked and Posted Online

T-Mobile Investigates Potential Data Breach

T-Mobile has acknowledged experiencing “unauthorized access” to its systems. This confirmation follows reports that a segment of customer data was being offered for sale on a cybercriminal forum.

Details of the Incident

The mobile carrier, which finalized its $26 billion merger with Sprint last year, has confirmed a security intrusion. However, the company states it has “not yet determined” if any personal customer data was compromised.

T-Mobile indicated that a thorough investigation is underway and will require a significant amount of time to complete. Currently, no specific timeframe for the investigation’s conclusion has been provided.

Claims Regarding Data Volume

According to reports from Vice, T-Mobile initiated an investigation into a potential breach after a seller claimed possession of millions of customer records. The seller asserted having access to data on 100 million T-Mobile customers.

This data allegedly includes customer account names, phone numbers, IMEI numbers associated with devices on the account, as well as sensitive information like Social Security numbers and driver’s license details. Such information is routinely collected for customer identity verification purposes.

Vice was able to verify a sample of the records offered by the seller, suggesting the data’s partial validity.

Data Offered for Sale

A forum post, reviewed by TechCrunch, requested 6 bitcoin – approximately $275,000 – in exchange for a subset of 30 million customer records.

According to a screenshot shared by Bleeping Computer, the data was reportedly obtained from a T-Mobile database server that was publicly accessible via the internet. The seller also claims to possess an IMEI database dating back to 2004.

Previous Claims and Data Amounts

An earlier forum post, also seen by TechCrunch and utilizing the same data sample, initially claimed access to 124 million records. This post did not initially identify T-Mobile as the source of the data and has since been removed.

Recurring Security Issues

This incident marks at least the fifth reported instance of T-Mobile being subjected to a cyberattack in recent years.

Past Data Breaches

In January, T-Mobile disclosed a data breach impacting approximately 200,000 call records and other subscriber data.

Last year, the company experienced two separate breaches: one affecting employee email accounts and potentially exposing customer data, and another compromising the personal and billing information of roughly one million prepaid customers.

In 2018, T-Mobile reported that the personal information of as many as two million customers may have been improperly accessed.

Secure communication channels are available via Signal and WhatsApp at +1 646-755-8849. Confidential files and documents can also be submitted using our SecureDrop.