T-Mobile tried to buy stolen customer data back, but failed

Renovated Headquarters
(Image credit: T-Mobile)

After falling victim to a data breach last year, the US telecom T-Mobile hired a third-party which tried to buy back the company’s stolen data before it could be widely distributed online.

As reported by Motherboard, the plan was ultimately unsuccessful as the cybercriminals responsible continued to sell the company’s data on an online hacking forum despite being paid a total of $200k to delete their copy.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. end of this survey

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

The news outlet only recently learned that a third-party hired by T-Mobile tried to buy back the telecom’s stolen customer data following the Department of Justice unsealing an indictment against Diogo Santos Coelho who is allegedly the administrator of the notorious hacking site RaidForums.

While Coelho was arrested in the UK back in March of this year, an affidavit regarding his extradition to the US contained new information on the T-Mobile data breach though the company was not named outright.

Purchasing stolen data from cybercriminals

According to the affidavit, a RaidForums’ user going by the handle “SubVirt” made the original post on the site offering to sell a stolen database containing the social security numbers, dates of birth, driver’s licenses and other sensitive information of 124m T-Mobile customers.

An employee of the third-party hired by T-Mobile responded to the post and bought a sample of the data in the database for $50k in Bitcoin. After reviewing the sample, they then went on to purchase the entire database for around $150k on the condition that SubVirt would delete their copy of the data. This would limit T-Mobile’s customer data from ending up in the hands of other cybercriminals that could use it to commit fraud, identity theft, phishing attacks and other cybercrimes.

After being paid $200k for the database, SubVirt and the other hackers behind the breach continued to try and sell the company’s stolen customer data on RaidForums. While the court documents don’t name the third-party hired by T-Mobile, in a statement back in August, the company’s CEO Mike Sievert explained that its investigation into the breach had been “supported by world-class security experts Mandiant from the very beginning”.

Paying cybercriminals is not out of the ordinary and it routinely occurs when organizations fall victim to ransomware attacks. Just like in this case though, cybercriminals may not keep up their end of the bargain which is why the FBI and other law enforcement agencies say to never pay a ransom.

Via Vice

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.