T-Mobile is actively investigating claims that there has been a major data breach of its personal database which potentially could compromise 100 million people.
According to VICE, a message spotted on an underground forum on Sunday, August 15, came from someone claiming to be in possession of personal data belonging to 100 million people. The message made no mention of T-Mobile, but when the poster was contacted by news site Motherboard, it became apparent that the mobile company’s customers were at the centre of the alleged hack.
The alleged hacker told Motherboard that the data belonged to “T-Mobile USA” customers and contains everything from names, social security numbers, and phone numbers, to home addresses and driver license information. The news site said it was able to confirm the accuracy of the stolen data after reviewing a sample.
The perpetrator is asking for 6 bitcoin — currently worth about $285,000.
T-Mobile may have already found out about the hack as they can no longer access the company’s servers. But the company, which merged with Sprint last year in a deal worth $26 billion, is yet to confirm publicly if its servers were breached, saying only that it is “aware of claims made in an underground forum” and that is “actively investigating their validity.” T-Mobile added that it will share more information when it becomes available.
If the breach turns out to be true and affects such a large number of T-Mobile customers, it would be a huge blow for the company as it seeks to restore its reputation following similar stumbles in recent years.
In February, the mobile carrier was sued by a victim who lost $450,000 in Bitcoin in a SIM-swap attack.
A SIM-swap attack occurs when the victim’s cell phone number is stolen. This can then be used to hijack the victim's online financial and social media accounts by intercepting automated messages or phone calls that are used for two-factor authentication security measures.
In this case, the victim Calvin Cheng accused T-Mobile of failing to implement adequate security policies to prevent unauthorized access to its customers' accounts.
T-Mobile was also sued in July 2020 by the CEO of a crypto firm over a series of SIM-swaps that resulted in the loss of $8.7 million worth of digital assets.
In April this year, hardware wallet manufacturer, Ledger, faced a class-action lawsuit regarding the major data breach that saw the personal data of 270,000 customers stolen between April and June 2020.