This week T-Mobile confirmed that it’s looking into massive claims floating around the web that someone is selling nearly all of its U.S.A customers’ sensitive data. Motherboard reported that it’s in contact with the seller, who claims to have “full customer info,” including Social Security numbers, phone IMEI numbers, names, addresses, driver license info, and more for T-Mobile USA.
To make matters worse, after being provided samples of the data, Motherboard says it appears authentic. However, the alleged hacker is only selling personal data for 30 million customers publicly and wants six bitcoins worth around $270,000. The intruder states it will sell the other 70 million piles of data through private channels.
“We are aware of claims made in an underground forum and have been actively investigating their validity,” a T-Mobile spokesperson said in a message to Motherboard. “We do not have any additional information to share at this time.”
It’s unclear when or if this data may have been accessed, but T-Mobile is no stranger to data breaches. That said, T-Mobile reportedly already kicked the hackers out of its servers and closed the backdoor loophole used to obtain said data. But, again, this is unconfirmed, so we’ll have to wait and see.
Even if the hackers only managed to acquire the info on 30 million customers, this is still bad news for everyone involved. We’ll keep an eye out for more details and report back once we know more. Unfortunately, for now, there isn’t much T-Mobile customers can do about the situation aside from keeping an eye on accounts and watch for suspicious activity.
Update, 8/16/21 4:49 pm Eastern: In a statement Monday, T-Mobile has confirmed the hack, but still isn’t sharing too much information. Stating that “unauthorized access to some T-Mobile data occurred, however, we have not yet determined that there is any personal customer data involved.” The company confirmed the entry point is now closed and secure, but we’ll have to wait before knowing anything else.