Report: T-Mobile involved in a huge customer data breach

report-t-mobile-involved-in-huge-data-breach

Update 9/16 9:08 pm:

T-Mobile has confirmed the attack but did not share its extent.

“We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed. This investigation will take some time but we are working with the highest degree of urgency. Until we have completed this assessment we cannot confirm the reported number of records affected or the validity of statements made by others.”

Breaking news! T-Mobile is currently investigating reports of a huge customer data breach. According to the report, the hackers have been able to access around 100 million users. 

The report states that the hackers were able to access customer data including their social security numbers, names, phone numbers, physical addresses, driver’s license information, and unique IMEI numbers. 

It is said that T-Mo was alerted of the possible breach via a forum post. The alert was sent by a hacker who claimed to be selling the personal data he was able to steal. Although the forum post did not specifically mention T-Mobile, the seller claimed that he got the information from T-Mobile Servers. 

The report shares that the hacker is asking for six bitcoin, or around $260,000 for a small amount of the data he was able to hack. This amount is only equivalent to 30 million social security numbers and driver’s licenses. 

As revealed by the hacker, T-Mobile was already able to respond to the breach. “I think they already found out because we lost access to the backdoored servers.”

Even though the hacker had already been removed from the server, he shares that he was already able to download the data locally to his computer.

In a statement, T-Mobile has addressed the claim and said:

“We are aware of claims made in an underground forum and have been actively investigating their validity. We do not have any additional information to share at this time.”

This is a developing story. 

 

Source: 1

Tags: ,

  • marque2

    I don’t recall Tmobile ever asking for my driver’s license. SSA – yes

    • blokeinusa

      Not over the phone. But they do in store and scan it if you buy a phone or something of high value.

      • mreveryphone

        Only if you put it on payments. That requires an ID scan. If you buy it outright no one cares…

        • Mike

          Not true postpaid account require id when making a purchase . The store reps will scan your license and I bet you Tmobile hold onto your license number info which is worrisome. I hope T-Mobile gets sued and changes their practices with holding customer data such as your license number for so long.

      • Mike

        T-mobile does ask for your driver license number over the phone if they need to verify your identity for new service.

    • Manbearpig

      They always ask for mine when I go in and pick something up and they scan it with that little tablet they have. I’m sure that’s saved somewhere

  • SlopeTangentAnswer

    No surprise that TMO continues to screw up handling customers data.

    • Sayahh

      Hmm, pretty sure if Experian got hacked, too, a few years ago. So did the Veterans Administration. It’s not a problem limited to Tmo. Where there’s money to be extorted, there will be criminals. If you think that all your data isn’t already accessible by thousands of criminals prior to this breach, then you are pretty naive. This is why I don’t buy any bitcoins or crypto so that people won’t extort or blackmail me…because there’s nothing to steal.

      • JStatt

        This is the fourth time T-Mobile has been hacked in only a few years. Yes, it is on them.

        • Ben

          Agreed. Leave your doors unlocked and someone will eventually get into your home and steal your belongings.

        • Shaun Michalak

          You obviously do not keep up with stuff.. If I remember right, Apple was just shown tons of holes in their system earlier this year.. Verizon had breaches in their system for customer data in 2016, 2017, 2020.. and that was just with a basic search.. Apple was just lucky that most of their holes were found by legit hackers that help find holes, and not by vicious one..

          or how about this article from 2019

          “An error from a third-party contractor has led to a massive data breach
          where personal information of hundreds of thousands of AT&T, Verizon, and T-Mobile subscribers was exposed on unprotected public cloud servers. According to a TechCrunch report, around 261,300 documents were exposed on the server hosted by Amazon Web Services (AWS).”

          Should I start checking for 2018, since that is the only year so far I have not come across where Verizon has breaches in data?? and lets not forget about the newest Verizon/california water system breach that happened this year.. Right now, they are claiming that no info was stolen.. But they also say that they do not know either.. Just none that they know of.. But yea, lets just pretend that T-Mobile is the only company with the problem..

        • JStatt

          Not every data breach is equal. T-Mobile continues to expose highly sensitive material including social security numbers on virtually all of their customers. No, Verizon has not had nearly the same breadth of breach for this level of data across their entire customer base (multiple times!) like T-Mobile has. It’s embarrassing.

        • Shaun Michalak

          So basically you are saying that someone hacking into a system is bad, but giving out personal info in a chat session without hacking, to just about anyone, is not as bad?? because that is exactly what Verizon did.. and still do not know if they fully fixed it either.. You can say, hey, but theirs is worse.. But no matter how you look at it, a vulnerability is a vulnerability.. If someone hacked T-Mobile and got info, but hacked Verizon and completely shut down their whole network (going off of that hacked pipeline here which did just that), would you still say.. But T-Mobile is still worse because someone got data?? or would you say, but that system going down caused a lot of problems due to no 911 help?? Fact is, even a small vulnerability, even if it is not associated with personal data, can do just that.. So you can not discount that it is not as bad, just because off what was done.. a breach is still a breach..

      • SlopeTangentAnswer

        One does not equate to the other. As for the VA, the gov is bound to citizens 5o continually provide support.

        TMobile is ratty, dirty company that will inevitably leave its CUSTOMERS high and dry.

        Are you some corporate shill for TMobile?

        • Sayahh

          Are you a corporate shill for Verizon or a hacker apologist?

          How quickly you throw out accusations. I am just being realistic. Yes, it sucks, just like having your bitcoin stolen or SIM card swapped.

          You should start your own company. Not even Google software are free from vulnerabilities–and itself being a company that takes your data.

          I am not promoting any wireless providers. In fact, I had Visible for a few months because I couldn’t get internet at home. I’ve also had Net10/Simple Mobile and tried US Mobile and had AT&T and Cingular years ago. I am not a slave to any company and not saying that there shouldn’t be punishment and consequences, but if you think you can do better as a CEO or security head and staying ahead of hackers, then you should apply for that job. Calling people shills doesn’t stop any hackers from exploiting the weakest link. You just have to trust that employees are vigilant and never let their guard down and trust them to not be corrupt or blackmailable.

  • steadymobb

    Completely unacceptable. About ready to dump them

  • DrewskiStyles790

    This is just outright sad.

  • Ben

    I hope they get sued for this. Was the PII not encrypted?

  • JStatt

    It’s absurd that T-Mobile was hacked once again! Worst data security in the industry. Get it together!

  • Eddie Vazquez

    HI,
    Advice:,Go to Experian, Transunion and notify the incident, Put and alert or freeze your credit information. Is free.

    • Ѕροη†αηεους Μιхх ♪♫

      or even better, Tmo could pony up for credit monitoring for affected users

  • vrm

    Maybe, just MAYBE. if they STOPPED storing SSN and driver’s licenses everywhere, they would get hacked less often.

  • Jetscreamer

    T-Mobile definitely have no incentive to beef up network security. This is the third hack in a year, I believe. I am glad I use prepaid, which don’t ask for my SS.