T-Mobile confirms data breach, but damage remains unclear
T-Mobile says it has blocked off the hacker’s access
After announcing it was investigating the apparent sale of customer information online, T-Mobile has now confirmed its servers had indeed been breached and some data exfiltrated.
“We take the protection of our customers very seriously and we are conducting an extensive analysis alongside digital forensic experts to understand the validity of these claims, and we are coordinating with law enforcement,” the telecoms firm told TechRadar Pro.
The leak came to light when a hacker began offering up personally identifiable information (PII) supposedly relating to millions of US-based T-Mobile customers on an underground forum.
We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.
- These are the best data loss prevention services
- Shield yourself with these best identity theft protection services
- Here’s our list of the best password managers
The pool of stolen data reportedly includes the social security numbers (SSN), phone numbers, names, physical addresses, unique IMEI numbers, and driver license (DL) information of roughly 100 million T-Mobile customers.
Brace for impact
The hacker reportedly said T-Mobile had discovered their entry point, since the company had taken action to seal it off. This too has now been confirmed by T-Mobile.
“We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed,” said T-Mobile.
The company claimed that while it can confirm the unauthorized access of its data, it isn’t in a position to confirm whether the leak included any personal data.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
While T-Mobile is yet to confirm the hacker’s claims, industry experts believe that if the claims are indeed found to be true, the details could be very damaging in the hands of cyber criminals.
“What is most concerning is the availability of mobile phone identity numbers tied to each specific customer’s phone. With a blend of consumer data, criminals can more easily dupe consumers into opening phishing emails and phishing texts,” Sam Curry, Chief Security Officer of cybersecurity firm Cybereason, told TechRadar Pro.
- We’ve also rounded up the best security keys
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.