T-Mobile is looking into a major hack on its customer data

Tech giant T-Mobile is investigating claims that a serious data breach may have occurred effecting a large proportion of its customer and client base.

T-Mobile is actively investigating claims that there has been a major data breach of its personal database which potentially could compromise 100 million people.

According to VICE,  a message spotted on an underground forum on Sunday, August 15, came from someone claiming to be in possession of personal data belonging to 100 million people. The message made no mention of T-Mobile, but when the poster was contacted by news site Motherboard, it became apparent that the mobile company’s customers were at the centre of the alleged hack. 

The alleged hacker told Motherboard that the data belonged to “T-Mobile USA” customers and contains everything from names, social security numbers, and phone numbers, to home addresses and driver license information. The news site said it was able to confirm the accuracy of the stolen data after reviewing a sample.

The perpetrator is asking for 6 bitcoin — currently worth about $285,000.

T-Mobile may have already found out about the hack as they can no longer access the company’s servers. But the company, which merged with Sprint last year in a deal worth $26 billion, is yet to confirm publicly if its servers were breached, saying only that it is “aware of claims made in an underground forum” and that is “actively investigating their validity.” T-Mobile added that it will share more information when it becomes available.

If the breach turns out to be true and affects such a large number of T-Mobile customers, it would be a huge blow for the company as it seeks to restore its reputation following similar stumbles in recent years.

In February, the mobile carrier was sued by a victim who lost $450,000 in Bitcoin in a SIM-swap attack.

A SIM-swap attack occurs when the victim’s cell phone number is stolen. This can then be used to hijack the victim's online financial and social media accounts by intercepting automated messages or phone calls that are used for two-factor authentication security measures.

In this case, the victim Calvin Cheng accused T-Mobile of failing to implement adequate security policies to prevent unauthorized access to its customers' accounts.

T-Mobile was also sued in July 2020 by the CEO of a crypto firm over a series of SIM-swaps that resulted in the loss of $8.7 million worth of digital assets.

In April this year, hardware wallet manufacturer, Ledger, faced a class-action lawsuit regarding the major data breach that saw the personal data of 270,000 customers stolen between April and June 2020.

Share

Featured Articles

How secure is sensitive data stored in the cloud?

A Cloud Security Alliance (CSA) survey has found 67% of organisations store sensitive data in public cloud environments, but how secure is it?

CYBER LIVE LONDON: Day 2 highlights of the hybrid tech show

We take a look at highlights of the different stages at the Tech Live London show, including insights from Claroty, SalesForce and Oracle

TECH LIVE LONDON: An overview of the hybrid technology show

We take a look at the first day of Tech Live London with insights from technology leaders from companies such as IBM, Microsoft and Vodafone

Does a cashless society mean higher risk of fraud?

Cyber Security

5 minutes with Gary Brickhouse, CISO of GuidePoint Security

Cyber Security

CTO at Passbolt explains the importance of password managers

Application Security