T-Mobile Confirms Data Breach, Unclear If Personal Customer Data Was Accessed

T-Mobile today confirmed that some of its data had been accessed without authorization in a breach that may impact more than 100 million of its users.

tmobilelogo
Over the weekend, T-Mobile began investigating a forum post that offered data from more than 100 million people. T-Mobile was not mentioned in that post, but the person selling the data told Motherboard that it had come from T-Mobile's servers, thus leading T-Mobile to look into it. The hacker who spoke to Motherboard claimed that several T-Mobile servers had been breached.

T-Mobile has now confirmed that there was indeed unauthorized access to some customer data, but T-Mobile in a statement says it does not yet know if personal customer data has been accessed.

We have been working around the clock to investigate claims being made that T-Mobile data may have been illegally accessed. We take the protection of our customers very seriously and we are conducting an extensive analysis alongside digital forensic experts to understand the validity of these claims, and we are coordinating with law enforcement.

We have determined that unauthorized access to some T-Mobile data occurred, however we have not yet determined that there is any personal customer data involved. We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed. This investigation will take some time but we are working with the highest degree of urgency. Until we have completed this assessment we cannot confirm the reported number of records affected or the validity of statements made by others.

We understand that customers will have questions and concerns, and resolving those is critically important to us. Once we have a more complete and verified understanding of what occurred, we will proactively communicate with our customers and other stakeholders.

According to the original forum post, the data for sale includes social security numbers, phone numbers, names, physical addresses, IMEI numbers, and driver licenses information. Motherboard said that it was provided with some samples of data and was able to confirm that they contained accurate information on T-Mobile customers.

T-Mobile says that the entry point used to gain access to the data has been closed, and it is now conducting a "deep technical review" of the situation to determine the nature of the data that was obtained. The company will not be able to confirm the reported number of records affected until the internal investigation is complete, and it plans to proactively communicate with customers when the information is available.

Top Rated Comments

LawJolla Avatar
10 weeks ago
I own a small car dealership and I encrypt all of my customer's data at rest. I could hand my database to a hacker with next to nothing compromised. You'd need to dump my database and steal the secret in memory key.

In 2021 these billion dollar companies need to be held accountable. Unacceptable.
Score: 65 Votes (Like | Disagree)
lip008 Avatar
10 weeks ago
Anytime I've had to go into Sprint or T-Mobile they required a scan of my driver's license. It's been a pita to access the account or go into the store for a while now all in the name of security! Guess that was all for nothing! Status quo....we'll get 18 months of credit monitoring and $8 from the lawsuit outcome in 2025...
Score: 23 Votes (Like | Disagree)
Wags Avatar
10 weeks ago
Companies should be fined heavily for stuff like this. Many don’t invest enough resources to be responsible but not enough public outrage. Will be no news by tomorrow.
Score: 20 Votes (Like | Disagree)
Graphikos Avatar
10 weeks ago

I own a small car dealership and I encrypt all of my customer's data at rest. I could hand my database to a hacker with next to nothing compromised. You'd need to dump my database and steal the secret in memory key.

In 2021 these companies need to be held accountable. Unacceptable.
That all sounds nice in theory but as we know nothing is ever 100% secure. For a small business, you can more easily lock things down and restrict access. When you talk about large corporations with so many different facets and functions it becomes much harder to grant access to those who need it, trust everyone that is involved, and keep hardware and software secure. There are just so many more variables that you really can't compare.
Score: 17 Votes (Like | Disagree)
SFjohn Avatar
10 weeks ago
That’s totally unacceptable in this day and age. As a T-mobile customer for years now, this is really bad. Social Security numbers, phone numbers, names, physical addresses, IMEI numbers, and driver licenses information! What else? Mother’s Maiden Name? T-Mobile needs to pay for a years worth of fraud monitoring on every account stolen at the very least!
Score: 14 Votes (Like | Disagree)
ouimetnick Avatar
10 weeks ago
? I switched from AT&T to T-Mobile this past May…. ??
Score: 12 Votes (Like | Disagree)

Related Stories

tmobilelogo

T-Mobile Data Breach Included Personal Information of Almost 50 Million Customers

Wednesday August 18, 2021 5:41 am PDT by
T-Mobile has issued a statement with further details about a cyberattack that the company confirmed earlier this week, confirming that the data breach included the personal information of almost 50 million current, former, and prospective customers. Late last week, T-Mobile confirmed that a forum post that purported to offer data from more than 100 million people was the result of a company...
tmobilelogo

T-Mobile Says an Additional 5.3 Million Customer Accounts Were Compromised in Data Breach

Friday August 20, 2021 9:21 am PDT by
T-Mobile earlier this week shared details on a data breach where hackers gained access to the personal information of close to 50 million current, former, and prospective customers. At the time, T-Mobile said that data from 7.8 million current customers had been compromised, as well as information from 40 million former or potential customers. In an updated statement provided today, T-Mobile ...
tmobilelogo

T-Mobile's Security is 'Awful' Says Hacker Who Stole Data From 50 Million Customers

Thursday August 26, 2021 12:06 pm PDT by
T-Mobile recently suffered a significant data breach that saw sensitive data from more than 50 million current, prospective, and former customers stolen. John Binns, a 21-year-old American who lives in Turkey, told The Wall Street Journal that he is responsible for the attack. Binns said that he discovered an unprotected router in July after scanning T-Mobile's known internet addresses for...
tmobilelogo

T-Mobile CEO Apologizes for Data Breach, Shares Info on Future Security Plans

Friday August 27, 2021 1:03 pm PDT by
T-Mobile CEO Mike Sievert today penned a letter to T-Mobile customers apologizing for the recent data breach that impacted more than 50 million current, former, and prospective T-Mobile users. Data that included names, phone numbers, addresses, birth dates, social security numbers, driver's license and ID info, IMEI numbers, and IMSI numbers was stolen and has been offered for sale. "We...
iphone se black

T-Mobile Will Pay Off Your Current Phone Up to $1,000 If You Switch

Thursday October 21, 2021 8:47 am PDT by
T-Mobile today announced that, starting October 22, it will pay off a qualifying customer's remaining eligible smartphone payments up to $1,000 via virtual prepaid MasterCard when they switch to the carrier in the United States. The limited time offer is designed to allow customers to switch from their current carrier to T-Mobile and continue using their existing smartphone without cost....
t mobile walmart

T-Mobile's Smartphones Coming to 2,300 Walmart Locations Across the U.S.

Monday September 13, 2021 1:19 pm PDT by
T-Mobile today announced that its T-Mobile and Metro by T-Mobile smartphones will soon be available in more than 2,300 Walmart locations across the United States, significantly expanding T-Mobile's footprint. T-Mobile devices will be listed on Walmart.com, though customers will need to visit a Walmart store to make a purchase. The rollout follows the availability of T-Mobile devices in Best...
Apple Pay Feature

U.S. Consumer Financial Protection Bureau Investigating Apple and Other Tech Companies

Thursday October 21, 2021 3:32 pm PDT by
Apple is facing yet another investigation by U.S. regulators, this time from the Consumer Financial Protection Bureau (CFPB). The CFPB, which is investigating the business practices of companies operating payment systems, today announced that it has asked Apple, Google, Facebook, Amazon, PayPal, and Square to provide details on their consumer data practices. The CFPB is seeking information...
app store blue banner

U.S. Department of Justice Likely to File Antitrust Lawsuit Against Apple

Monday October 25, 2021 1:35 pm PDT by
The United States Department of Justice is accelerating its antitrust probe into Apple and there is increased likelihood that Apple will face an antitrust lawsuit, reports The Information. Citing internal sources with knowledge of the investigation, The Information says there has been a "flurry" of activity as the DOJ has continued to question Apple, its customers, and its competitors about...
apple tv plus banner

T-Mobile Offering Free Year of Apple TV+ to Select Customers Starting Wednesday

Monday August 23, 2021 6:12 am PDT by
T-Mobile today announced that new and existing Magenta and Magenta MAX customers can receive 12 months of Apple TV+ for free starting this Wednesday, August 25 in the United States. T-Mobile has launched a promotional page with further details. The offer can even be redeemed by users who already pay for Apple TV+. Once you redeem the offer, your paid Apple TV+ subscription will pause and the ...
three mobile uk

Three Becomes Latest UK Mobile Operator to Bring Back EU Roaming Charges

Thursday September 9, 2021 1:41 am PDT by
Three has become the latest UK mobile network to reintroduce EU roaming fees, in another post-Brexit setback for customers traveling abroad. A flat £2 daily charge when roaming within an EU country will apply to customers who are new or upgrading from October 1. The changes will not come into effect until May 23 2022. The operator joins EE and Vodafone who have recently announced the...