Skip to main content

T-Mobile confirms data breach, but damage remains unclear

Data leak
(Image credit: Shutterstock/dalebor)

After announcing it was investigating the apparent sale of customer information online, T-Mobile has now confirmed its servers had indeed been breached and some data exfiltrated.

“We take the protection of our customers very seriously and we are conducting an extensive analysis alongside digital forensic experts to understand the validity of these claims, and we are coordinating with law enforcement,” the telecoms firm told TechRadar Pro

The leak came to light when a hacker began offering up personally identifiable information (PII) supposedly relating to millions of US-based T-Mobile customers on an underground forum. 

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

The pool of stolen data reportedly includes the social security numbers (SSN), phone numbers, names, physical addresses, unique IMEI numbers, and driver license (DL) information of roughly 100 million T-Mobile customers.

Brace for impact

The hacker reportedly said T-Mobile had discovered their entry point, since the company had taken action to seal it off. This too has now been confirmed by T-Mobile. 

“We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed,” said T-Mobile.

The company claimed that while it can confirm the unauthorized access of its data, it isn’t in a position to confirm whether the leak included any personal data. 

While T-Mobile is yet to confirm the hacker’s claims, industry experts believe that if the claims are indeed found to be true, the details could be very damaging in the hands of cyber criminals.

“What is most concerning is the availability of mobile phone identity numbers tied to each specific customer’s phone. With a blend of consumer data, criminals can more easily dupe consumers into opening phishing emails and phishing texts,” Sam Curry, Chief Security Officer of cybersecurity firm Cybereason, told TechRadar Pro.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.