T-Mobile

T-Mobile investigates potential 100m user data breach

A seller on an online forum claims to be in the possession of the data and is trying to sell it for six Bitcoin
Pro
Image: Shutterstock via Dennis

16 August 2021

T-Mobile has launched an investigation into a claim on an online forum which suggests that the personal data from over 100 million users have been breached.

The forum post doesn’t explicitly mention the company, but the seller told Motherboard they have obtained data related to over 100 million people and that this data came from T-Mobile servers.

The data reportedly contains social security numbers, driver license information, phone numbers, physical addresses, and unique IMEI numbers. Motherboard saw samples of the data and confirmed they contained accurate information on T-Mobile customers.

On the forum, the seller is asking for six Bitcoin, which is approximately $270,000, for a subset of the data which contains 30 million social security numbers and driver licenses.

“I think they already found out because we lost access to the backdoored servers,” the seller told Motherboard, referring to T-Mobile’s potential response to the breach.

Despite this, the seller said they had already downloaded the data locally and it is backed up in multiple places.

“We are aware of claims made in an underground forum and have been actively investigating their validity,” T-Mobile said in a statement to Motherboard. “We do not have any additional information to share at this time.”

Ilia Kolochenko, Founder of ImmuniWeb and a member of Europol Data Protection Experts Network, said that the price for the records is “very cheap”, at just 1 cent per victim. He said the data could be exploited to conduct targeted mobile attacks, social engineering, sophisticated phishing campaigns, or financial fraud.

“From a legal viewpoint, if the information about the breach is confirmed, T-Mobile may face an avalanche of individual and class action lawsuits from the victims, as well as protracted investigations and serious monetary penalties from the states where the victims are based,” he said, adding that it would be premature to make a conclusion before T-Mobile makes an official statement on the quantity and nature of the stolen data.

In January this year, T-Mobile suffered a data breach affecting information government agencies considered to be highly sensitive. It affected around 200,000 customers and contained information such as customer phone numbers and the number of lines subscribed to on their account.

Future Publishing


Professional Development for IT professionals

The mission of the Irish Computer Society is to advance, promote and represent the interests of ICT professionals in Ireland. Membership of the ICS typically reduces courses by 20%. Find out more


Read More:


Back to Top ↑

TechCentral.ie