Do you still remember the massive data breach that took place with T-Mobile last August? We still do and can recall that over 54 million of customers had their data compromised. There are new reports, however, that reveal that T-Mo attempted to buy the leaked data affected in the hack.
As a result of the hack, T-Mobile announced a multi-year partnership with Mandiant, a cybersecurity firm. They will be working alongside accounting agency KPMG to ensure that T-Mo’s security practices are audited. New policies will also be implemented to help prevent such incidents in the future.
Motherboard has obtained newly unsealed court documents filed by the Department of Justice that talk about this possibility. The documents reveal the criminal charges that T-Mo filed against alleged founder and RaidForums administrator, Diogo Santos Coelho. The DoJ has taken down the website that was used as a marketplace for hackers to sell stolen data.
The documents share that a certain “SubVirt” posted on the website and tried to sell some of T-Mo’s hacked data. The data was then confirmed to have “belonged to a major telecommunications company and wireless operator” that provides service in the country.
Although the document does not directly name T-Mobile as the victim, it instead refers to them as “Company 3.” It also revealed that Company 3 “hired a third-party to purchase exclusive access to the database to prevent it being sold to criminals.”
The document reveals that an employee posed as a potential buyer and made a payment of approximately $50,000 in Bitcoin to get a sample of the data. An additional $150,000 was paid for the entire database.
The agreement was that SubVirt would delete his copy. Unfortunately, SubVirt and its collaborators did not follow through with their end of the agreement as “the co-conspirators continued to attempt to sell the databases after the third-party’s purchase.”
Motherboard has identified T-Mobile as the carrier in the aforementioned court documents based on its timeline.