T-Mobile has confirmed “unauthorized access” to its systems, days after a portion of customer data was listed for sale on a known cybercriminal forum.
The U.S. cell giant, which last year completed a $26 billion merger with Sprint, confirmed an intrusion but that it has “not yet determined that there is any personal customer data involved.” The company said that its investigation will “take some time,” and no timeline was given.
“We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed,” the company said.
Vice reported this weekend that T-Mobile was investigating a possible intrusion after a seller was claiming to be in possession of millions of records. The seller told Vice that they had 100 million records on T-Mobile customers, which included customer account names, phone numbers, the IMEI numbers of phones on the account, and Social Security number and driver’s license information — details that the company often collects to verify the identities of its customers.
Vice verified a sample of the records from the seller, suggesting the data is in at least partially valid.
The forum post, which TechCrunch has seen, asks for 6 bitcoin, or about $275,000, for a 30 million subset of customers’ data. The data was allegedly obtained from a T-Mobile-run database server that was connected to the internet, according to a screenshot posted by Bleeping Computer, which also reported that the seller has the IMEI database “going back to 2004.” IMEI and ISMI numbers can be used to uniquely identify and locate a cellphone user.
An earlier post seen by TechCrunch from the same seller and using the same sample of data claimed to have 124 million records, but still did not name T-Mobile as the source of the data. The post was deleted in the past few days.
This is by our count the fifth time that T-Mobile was hacked in recent years.
In January, T-Mobile said it had a data breach that saw cybercriminals steal about 200,000 call records and other subscriber data. Last year, T-Mobile had two incidents — it admitted a breach on its email systems that saw hackers access some T-Mobile employee email accounts and access customer data; and a breach of a million prepaid customers’ personal and billing information months later. In 2018, T-Mobile said as many as two million customers may have had their personal information scraped.
You can send tips securely over Signal and WhatsApp to +1 646-755-8849. You can also send files or documents using our SecureDrop.