The personal information of millions of T-Mobile users is being sold to the highest bidder via an online forum, shortly after a hacker reportedly stole the data from multiple T-Mobile servers.
On Sunday, Motherboard reported that the personal information of up to 100 million T-Mobile users had been breached, with the person in possession of the data trying to sell a portion of it, around 30 million social security numbers and driver licenses, on an online forum for 6 bitcoin (almost £200,000).
Motherboard reported that the seller claimed to have obtained data belonging to over 100 million T-Mobile users. The stolen data included social security numbers, phone numbers, names, physical addresses, unique IMEI numbers, and driver licenses.
The seller claimed that they stole the data from multiple servers owned by the company, but said the company must have discovered the data exfiltration as the seller’s access to the servers was terminated after the data was put up for sale.
When contacted, T-Mobile did not admit to the breach but said it is investigating the seller’s claims. “We are aware of claims made in an underground forum and have been actively investigating their validity. We do not have any additional information to share at this time,” the company said.
This is the second such data security incident involving T-Mobile that has come to light this year. In January, the mobile network said it suffered a security breach that compromised an unspecified number of customers’ phone numbers as well as customer proprietary network information that included call-related information and the number of lines subscribed to individual accounts.
Even though hackers managed to gain access to customer proprietary network information, Matt Staneff, the chief marketing officer of T-Mobile USA, said the breach did not compromise customers’ names, physical or email addresses, financial data, credit card information, social security numbers, tax ID, passwords, or PINs. Security researcher Graham Cluley said it was the fourth hack T-Mobile suffered in less than three years, making the latest one the fifth such incident.
“It is really worrying that companies such as T-Mobile continue to suffer these data breaches when they stand to face such a significant fine and reputational damage. T-Mobile now must thoroughly investigate what led to the breach, then build a remediation strategy that can help to avoid those same pitfalls in the future,” said Richard Orange, Vice President of EMEA, Digital Guardian.
“Cybersecurity programmes should ensure that emphasis is placed on the security of the data itself – and not just on networks, servers and applications. Shifting the focus towards identifying, controlling, and securing sensitive data assets may not prevent a cyber breach, but it will minimise data loss. What’s more, we must work harder as an industry to collaborate and combat the growing and changing cyber threat landscape.”