A possible data breach of T-Mobile might be added to the list of massive breaches that have occurred recently, affecting a number of large corporations as hacker groups are pushing to do as much damage as possible. This latest (alleged) breach is still under investigation and could possibly involve the information of around 100 million T-Mobile customers.
It was originally discovered within an underground forum where a hacker posted claiming to have information he or she stole from T-Mobile’s servers and that it contained full customer data. This includes customer names, addresses, driver’s licenses, phone numbers, IMEI numbers (unique equipment/device IDs), social security numbers, and more. The hacker is looking to let go of just a portion of this information for 6 bitcoin (worth around $279,928 at the time of this story).
The hacker has claimed to have been discovered and lost their backdoor to T-Mobile servers, but not before they were able to make away with the alleged information, and claims to have made backups of it elsewhere.
T-Mobile is currently investigating the matter and has not officially confirmed that the hack did indeed take place just yet. If it is found to be a legitimate breach, it will prove to be another devastating blow to the security of customer information.
Update (08/17/2021): T-Mobile has confirmed that the hack did indeed take place.
“We have determined that unauthorized access to some T-Mobile data occurred, however, we have not yet determined that there is any personal customer data involved. We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed. This investigation will take some time but we are working with the highest degree of urgency. Until we have completed this assessment we cannot confirm the reported number of records affected or the validity of statements made by others.” — T-Mobile News Announcement
Update (08/18/2021): T-Mobile has determined that the information of over 40 million accounts was affected. You can find the story here.