T-Mobile has confirmed it has suffered a data breach after hackers obtained records of up to 100 million of its customers and is offering to put them up for sale.
According to Security Affairs, the company has launched an investigation into the data breach after a threat actor posted on a forum claiming to be selling the personal data of its customers.
The seller of the data told the publication Motherboard that the data was obtained by compromising multiple servers related to T-Mobile. The seller claimed that the data available for sales includes phone numbers, social security numbers, names, physical addresses and driver licences information.
T-Mobile said that is not currently able to determine the exact number of impacted, but said that it has started a ‘deep technical review of the situation’ across its systems to identify the nature of any data that was illegally accessed.
Cybersecurity publication Bleeping Computer recently reported that the seller is asking for 6 bitcoin – around $270,000 – for 30 million social security and driver licences. However, they are privately selling the remaining data.
T-Mobile said, “We have been working around the clock to investigate claims being made that T-Mobile data may have been illegally accessed. “We have determined that unauthorized access to some T-Mobile data occurred, however we have not yet determined that there is any personal customer data involved.
“We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed.”
The company also noted that it had identified the way threat actors had stolen its customers’ data and secured its systems.
The firm continued, “This investigation will take some time, but we are working with the highest degree of urgency. Until we have completed this assessment, we cannot confirm the reported number of records affected or the validity of statements made by others.
“We understand that customers will have questions and concerns, and resolving those is critically important to us. Once we have a more complete and verified understanding of what occurred, we will proactively communicate with our customers and other stakeholders.”
Copyright © 2021 RegTech Analyst
Copyright © 2018 RegTech Analyst