After announcing it was investigating the apparent sale of customer information online, T-Mobile has now confirmed its servers had indeed been breached and some data exfiltrated.
“We take the protection of our customers very seriously and we are conducting an extensive analysis alongside digital forensic experts to understand the validity of these claims, and we are coordinating with law enforcement,” the telecoms firm told TechRadar Pro.
The leak came to light when a hacker began offering up personally identifiable information (PII) supposedly relating to millions of US-based T-Mobile customers on an underground forum.
- These are the best data loss prevention services
- Shield yourself with these best identity theft protection services
- Here’s our list of the best password managers
The pool of stolen data reportedly includes the social security numbers (SSN), phone numbers, names, physical addresses, unique IMEI numbers, and driver license (DL) information of roughly 100 million T-Mobile customers.
Brace for impact
The hacker reportedly said T-Mobile had discovered their entry point, since the company had taken action to seal it off. This too has now been confirmed by T-Mobile.
“We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed,” said T-Mobile.
The company claimed that while it can confirm the unauthorized access of its data, it isn’t in a position to confirm whether the leak included any personal data.
While T-Mobile is yet to confirm the hacker’s claims, industry experts believe that if the claims are indeed found to be true, the details could be very damaging in the hands of cyber criminals.
“What is most concerning is the availability of mobile phone identity numbers tied to each specific customer’s phone. With a blend of consumer data, criminals can more easily dupe consumers into opening phishing emails and phishing texts,” Sam Curry, Chief Security Officer of cybersecurity firm Cybereason, told TechRadar Pro.
- We’ve also rounded up the best security keys
