T-Mobile Confirms Data Breach, Unclear If Personal Customer Data Was Accessed

T-Mobile today confirmed that some of its data had been accessed without authorization in a breach that may impact more than 100 million of its users.

tmobilelogo
Over the weekend, T-Mobile began investigating a forum post that offered data from more than 100 million people. T-Mobile was not mentioned in that post, but the person selling the data told Motherboard that it had come from T-Mobile's servers, thus leading T-Mobile to look into it. The hacker who spoke to Motherboard claimed that several T-Mobile servers had been breached.

T-Mobile has now confirmed that there was indeed unauthorized access to some customer data, but T-Mobile in a statement says it does not yet know if personal customer data has been accessed.

We have been working around the clock to investigate claims being made that T-Mobile data may have been illegally accessed. We take the protection of our customers very seriously and we are conducting an extensive analysis alongside digital forensic experts to understand the validity of these claims, and we are coordinating with law enforcement.

We have determined that unauthorized access to some T-Mobile data occurred, however we have not yet determined that there is any personal customer data involved. We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed. This investigation will take some time but we are working with the highest degree of urgency. Until we have completed this assessment we cannot confirm the reported number of records affected or the validity of statements made by others.

We understand that customers will have questions and concerns, and resolving those is critically important to us. Once we have a more complete and verified understanding of what occurred, we will proactively communicate with our customers and other stakeholders.

According to the original forum post, the data for sale includes social security numbers, phone numbers, names, physical addresses, IMEI numbers, and driver licenses information. Motherboard said that it was provided with some samples of data and was able to confirm that they contained accurate information on T-Mobile customers.

T-Mobile says that the entry point used to gain access to the data has been closed, and it is now conducting a "deep technical review" of the situation to determine the nature of the data that was obtained. The company will not be able to confirm the reported number of records affected until the internal investigation is complete, and it plans to proactively communicate with customers when the information is available.

Popular Stories

iPhone 17 Air Size Feature

'iPhone 17 Air' With Rear Camera Bar Allegedly Shown in Leaked Photo

Tuesday January 21, 2025 12:46 pm PST by
A leaker known as "Majin Bu" today shared an alleged image of a component for the rumored, ultra-thin "iPhone 17 Air" model. The blurry, pixelated image shows a pair of rear iPhone shells with a pill-shaped, raised camera bar along the top. On the left side of the bar, there is a circular cutout that appears to be for a single rear camera. On the right side of the bar, there appears to be an ...
iOS 18

Here Are Apple's Full Release Notes for iOS 18.3

Tuesday January 21, 2025 4:31 pm PST by
Apple provided developers and public beta testers with the release candidate version of iOS 18.3 today, and with it comes release notes confirming what's new. While we knew about several of the features that are in the update, there are some lesser known tweaks and bug fixes. The update adds new Visual Intelligence features for iPhone 16 models, it tweaks Notification summaries on all...
Apple Pay Walmart Feature

Walmart Stands Firm on Why It Doesn't Accept Apple Pay in the U.S.

Thursday January 23, 2025 7:32 am PST by
Walmart still does not accept Apple Pay or other NFC payments at its more than 4,600 stores across the U.S., and it stood firm on its reasoning for that today. A spokesperson for Walmart today informed MacRumors that its position on contactless payments has not changed since we last reached out about the matter in 2022. The big-box retailer said it remains focused on its own convenient...
Generic iOS 19 Feature Mock Light

iOS 19 Leak Reveals All-New Design

Friday January 17, 2025 2:42 pm PST by
iOS 19 is still around six months away from being announced, but a new leak has allegedly revealed a completely redesigned Camera app. Based on footage it obtained, YouTube channel Front Page Tech shared a video showing what the new Camera app will apparently look like, with the key change being translucent menus for camera controls. Overall, the design of these menus looks similar to...
iOS 18

Apple Expected to Release iOS 18.3 Next Week With These New Features

Thursday January 23, 2025 6:41 am PST by
iOS 18.3 should be released to the public next week, following beta testing since mid-December. While the software update is a relatively minor one, it still includes a handful of new features, changes, and bug fixes for iPhones. Below, we recap everything new in iOS 18.3. Notification Summary Changes Examples of inaccurate Apple Intelligence notification summaries Apple Intelligence...
truecaller

Truecaller iOS Update Rolls Out Real-Time Caller ID Support

Wednesday January 22, 2025 2:07 am PST by
Popular caller ID app Truecaller is rolling out an update that brings real-time caller ID support to its iOS subscribers. Apple introduced Live Caller ID Lookup in iOS 18, allowing third-party caller ID apps to securely retrieve information about a caller from their servers, hence today's Truecaller update. iPhone users can enable the Live Caller ID Lookup feature by going to Settings ➝ ...
ipad pro 2024

New iPad Pro Reportedly Launching This Year

Tuesday January 21, 2025 6:40 am PST by
Apple plans to release at least one new iPad Pro model this year, according to a supplier-focused report today from Korean website The Elec. It is likely that the 11-inch and 13-inch iPad Pro models would be updated simultaneously. After receiving an OLED display last year, the report said the iPad Pro will receive only "minor" changes this year. Overall, the next iPad Pro is expected to...
airtag 4 pack blue

AirTag 2 Launching This Year With These 3 New Features

Sunday January 19, 2025 8:11 am PST by
After a four-year wait, a new AirTag is finally expected to launch in 2025. Below, we recap rumored upgrades for the accessory. A few months ago, Bloomberg's Mark Gurman said Apple was aiming to release the AirTag 2 around the middle of 2025. While he did not offer a more specific timeframe, that means the AirTag 2 could be announced by the end of June. The original AirTag was announced...
iPhone SE Dynamic Island Majin Bu

iPhone SE 4 Leak Shows Dynamic Island, Casts Doubt on Rumored 'iPhone 16E' Name

Monday January 20, 2025 9:01 am PST by
A new iPhone SE is widely rumored to launch this year, and the device has potentially been confirmed today by known leaker Evan Blass. In a private social media post, Blass shared an image of what appears to be source code mentioning an iPhone SE (4th Gen), which casts doubt on the alternative "iPhone 16E" name rumored for the device. However, the name in the source code could be a...

Top Rated Comments

LawJolla Avatar
45 months ago
I own a small car dealership and I encrypt all of my customer's data at rest. I could hand my database to a hacker with next to nothing compromised. You'd need to dump my database and steal the secret in memory key.

In 2021 these billion dollar companies need to be held accountable. Unacceptable.
Score: 65 Votes (Like | Disagree)
lip008 Avatar
45 months ago
Anytime I've had to go into Sprint or T-Mobile they required a scan of my driver's license. It's been a pita to access the account or go into the store for a while now all in the name of security! Guess that was all for nothing! Status quo....we'll get 18 months of credit monitoring and $8 from the lawsuit outcome in 2025...
Score: 23 Votes (Like | Disagree)
Wags Avatar
45 months ago
Companies should be fined heavily for stuff like this. Many don’t invest enough resources to be responsible but not enough public outrage. Will be no news by tomorrow.
Score: 20 Votes (Like | Disagree)
Graphikos Avatar
45 months ago

I own a small car dealership and I encrypt all of my customer's data at rest. I could hand my database to a hacker with next to nothing compromised. You'd need to dump my database and steal the secret in memory key.

In 2021 these companies need to be held accountable. Unacceptable.
That all sounds nice in theory but as we know nothing is ever 100% secure. For a small business, you can more easily lock things down and restrict access. When you talk about large corporations with so many different facets and functions it becomes much harder to grant access to those who need it, trust everyone that is involved, and keep hardware and software secure. There are just so many more variables that you really can't compare.
Score: 17 Votes (Like | Disagree)
SFjohn Avatar
45 months ago
That’s totally unacceptable in this day and age. As a T-mobile customer for years now, this is really bad. Social Security numbers, phone numbers, names, physical addresses, IMEI numbers, and driver licenses information! What else? Mother’s Maiden Name? T-Mobile needs to pay for a lifetime of fraud monitoring on every account stolen!
Score: 14 Votes (Like | Disagree)
ouimetnick Avatar
45 months ago
? I switched from AT&T to T-Mobile this past May…. ??
Score: 12 Votes (Like | Disagree)