T-Mobile has confirmed “unauthorized access” to its systems,
days after a portion of customer data was listed for sale on a
known cybercriminal forum.
The U.S. cell giant, which last year completed a $26 billion
merger with Sprint, confirmed an intrusion but that it has “not
yet determined that there is any personal customer data
involved.” The company said that its investigation will “take
some time,” and no timeline was given.
“We are confident that the entry point used to gain access has
been closed, and we are continuing our deep technical review of
the situation across our systems to identify the nature of any
data that was illegally accessed,” the company said.
Vice reported this weekend that T-Mobile was investigating a
possible intrusion after a seller was claiming to be in
possession of millions of records. The seller told Vice that
they had 100 million records on T-Mobile customers, which
included customer account names, phone numbers, the IMEI numbers
of phones on the account, and Social Security number and
driver’s license information — details that the company often
collects to verify the identities of its customers.
Vice verified a sample of the records from the seller,
suggesting the data is in at least partially valid.
The forum post, which TechCrunch has seen, asks for 6 bitcoin,
or about $275,000, for a 30 million subset of customers’ data.
The data was allegedly obtained from a T-Mobile-run database
server that was connected to the internet, according to a
screenshot posted by Bleeping Computer, which also reported that
the seller has the IMEI database “going back to 2004.” IMEI and
ISMI numbers can be used to uniquely identify and locate a
cellphone user.
An earlier post seen by TechCrunch from the same seller and
using the same sample of data claimed to have 124 million
records, but still did not name T-Mobile as the source of the
data. The post was deleted in the past few days.
This is by our count the fifth time that T-Mobile was hacked in
recent years.
In January, T-Mobile said it had a data breach that saw
cybercriminals steal about 200,000 call records and other
subscriber data. Last year, T-Mobile had two incidents — it
admitted a breach on its email systems that saw hackers access
some T-Mobile employee email accounts and access customer data;
and a breach of a million prepaid customers’ personal and
billing information months later. In 2018, T-Mobile said as many
as two million customers may have had their personal information
scraped.
https://techcrunch.com/2021/08/16/t-mobile-confirms-it-was-
hacked-after-customer-data-posted-online/