After falling victim to a data breach (opens in new tab) last year, the US telecom T-Mobile (opens in new tab) hired a third-party which tried to buy back the company’s stolen data before it could be widely distributed online.
As reported by Motherboard (opens in new tab), the plan was ultimately unsuccessful as the cybercriminals responsible continued to sell the company’s data on an online hacking forum (opens in new tab) despite being paid a total of $200k to delete their copy.
The news outlet only recently learned that a third-party hired by T-Mobile tried to buy back the telecom’s stolen customer data following the Department of Justice unsealing an indictment against Diogo Santos Coelho who is allegedly the administrator of the notorious hacking site RaidForums (opens in new tab).
While Coelho was arrested in the UK back in March of this year, an affidavit regarding his extradition to the US contained new information on the T-Mobile data breach though the company was not named outright.
Purchasing stolen data from cybercriminals
According to the affidavit, a RaidForums’ user going by the handle “SubVirt” made the original post on the site offering to sell a stolen database (opens in new tab) containing the social security numbers, dates of birth, driver’s licenses and other sensitive information of 124m T-Mobile customers.
An employee of the third-party hired by T-Mobile responded to the post and bought a sample of the data in the database for $50k in Bitcoin (opens in new tab). After reviewing the sample, they then went on to purchase the entire database for around $150k on the condition that SubVirt would delete their copy of the data. This would limit T-Mobile’s customer data from ending up in the hands of other cybercriminals that could use it to commit fraud, identity theft (opens in new tab), phishing attacks and other cybercrimes.
> T-Mobile hacker slams company security as 'awful' (opens in new tab)
> T-Mobile blocked from advertising 'most reliable' 5G (opens in new tab)
> AT&T and T-Mobile secure more spectrum in $22bn US 5G auction (opens in new tab)
After being paid $200k for the database, SubVirt and the other hackers behind the breach continued to try and sell the company’s stolen customer data on RaidForums. While the court documents don’t name the third-party hired by T-Mobile, in a statement (opens in new tab) back in August, the company’s CEO Mike Sievert explained that its investigation into the breach had been “supported by world-class security experts Mandiant from the very beginning”.
Paying cybercriminals is not out of the ordinary and it routinely occurs when organizations fall victim to ransomware (opens in new tab) attacks. Just like in this case though, cybercriminals may not keep up their end of the bargain which is why the FBI and other law enforcement agencies say to never pay a ransom (opens in new tab).
- Avoid falling victim to fraud and other cybercrime with the best identity theft protection (opens in new tab)
Via Vice (opens in new tab)