T-Mobile data breach could be much worse than previously thought
An additional 5.3m T-Mobile customers are affected
The recent T-Mobile data breach in which a hacker claims to have stolen the personally identifiable information (PII) of roughly 100m of the mobile carrier's customers may actually be much worse as the company has revealed new details from its investigation into the matter.
Earlier this week, a hacker posted on an underground forum in an attempt to sell a pool of data on the company's customers which reportedly included their social security numbers (SSN), phone numbers, names, addresses, unique IMEI numbers and driver's license information.
Now though, T-Mobile has confirmed in a new post on its site that 7.8m of its current postpaid or on contract customers did have all of the data mentioned above stolen as a result of the breach. However, the hacker was also able to acquire their IMEI (International Mobile Equipment Identity) that is assigned to every mobile device as well as their IMSI (International Mobile Subscriber Identity) that is used to identify their SIM card.
- We've assembled a list of the best identity theft protection around
- Keep your devices virus free with the best malware removal software
- Also check out our roundup of the best firewall for your network
While a cybercriminal could use the exposed personal information of affected T-Mobile customers to commit identity theft, their IMSI information could potentially be used in SIM swapping attacks where an attacker takes over a user's phone number to intercept two-factor authentication (2FA) codes as well as other data being sent to their smartphone.
T-Mobile data breach
T-Mobile also revealed that an additional 5.3m of its postpaid customers are affected by the breach though apparently their driver's licenses and social security numbers weren't exposed.
The accounts of 667k former T-Mobile customers were exposed as well though thankfully, former Sprint prepaid and Boost Mobile customers didn't have their information stolen during the breach. Unfortunately, the same can't be said for 52k Metro by T-Mobile customers who also had their information stolen.
Both T-Mobile and he FCC are currently investigating the data breach and so far, one class-action lawsuit has been filed against the mobile carrier.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Current T-Mobile customers who are concerned that their data may have been exposed can visit this page for more information on how to sign up for the company's Scam Shield which offers scam-blocking protection and other anti-scam features. The company is also offering a free two year subscription to McAfee's ID Theft Protection service to affected customers.
We'll likely hear more regarding the breach and how the hacker was able to penetrate T-Mobile's systems once the company and the FFC's investigation is complete.
- We've also highlighted the best antivirus
Via The Verge
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.