Published reports say that a T-Mobile hack resulted in a breach that could affect as many as 100 million customers.
Data breaches exposed nearly 188 million customer records in the first half of the year, according to one report. Among the contributing factors since the onset of the COVID-19 pandemic and the move to remote work environments, has been increased use of company devices for personal business, which invites phishing schemes and other security threats.
T-Mobile has yet to acknowledge that any personal information has been accessed, though the company did determine there was unauthorized access to company data.
“We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed,” the company said in a prepared statement. “This investigation will take some time, but we are working with the highest degree of urgency. Until we have completed this assessment, we cannot confirm the reported number of records affected or the validity of statements made by others.”
However, according to one of the published reports, “The data [exposed to the hacker] includes social security numbers, phone numbers, names, physical addresses, unique IMEI numbers, and driver licenses information, the seller said. Motherboard has seen samples of the data, and confirmed they contained accurate information on T-Mobile customers.”
The report goes on to say that the hacker is selling the some of the data for 6 bitcoin, currently estimated to be worth $270,00, though the value fluctuates widely on a daily basis. The data reportedly includes 30 million social security numbers and driver license numbers.
The report adds that the hacker had downloaded the data before the carrier successfully locked down the servers.
T-Mobile has updated the status of this event, stating the company has confirmed that a subset of T-Mobile data had been accessed by unauthorized individuals, and they are coordinating with law enforcement authorities. Details of the T-Mobile hack and breach include:
- We have no indication that the data contained in the stolen files included any customer financial information, credit card information, debit or other payment information.
- Some of the data accessed did include customers’ first and last names, date of birth, SSN, and driver’s license/ID information for a subset of current and former postpay customers and prospective T-Mobile customers.
- Preliminary analysis is that approximately 7.8 million current T-Mobile postpaid customer accounts’ information appears to be contained in the stolen files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile. Importantly, no phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of these files of customers or prospective customers.
T-Mobile says it is Immediately offering 2 years of free identity protection services with McAfee’s ID Theft Protection Service. to impacted customers.