T-Mobile Confirms Data Breach, Unclear If Personal Customer Data Was Accessed

T-Mobile today confirmed that some of its data had been accessed without authorization in a breach that may impact more than 100 million of its users.

tmobilelogo
Over the weekend, T-Mobile began investigating a forum post that offered data from more than 100 million people. T-Mobile was not mentioned in that post, but the person selling the data told Motherboard that it had come from T-Mobile's servers, thus leading T-Mobile to look into it. The hacker who spoke to Motherboard claimed that several T-Mobile servers had been breached.

T-Mobile has now confirmed that there was indeed unauthorized access to some customer data, but T-Mobile in a statement says it does not yet know if personal customer data has been accessed.

We have been working around the clock to investigate claims being made that T-Mobile data may have been illegally accessed. We take the protection of our customers very seriously and we are conducting an extensive analysis alongside digital forensic experts to understand the validity of these claims, and we are coordinating with law enforcement.

We have determined that unauthorized access to some T-Mobile data occurred, however we have not yet determined that there is any personal customer data involved. We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed. This investigation will take some time but we are working with the highest degree of urgency. Until we have completed this assessment we cannot confirm the reported number of records affected or the validity of statements made by others.

We understand that customers will have questions and concerns, and resolving those is critically important to us. Once we have a more complete and verified understanding of what occurred, we will proactively communicate with our customers and other stakeholders.

According to the original forum post, the data for sale includes social security numbers, phone numbers, names, physical addresses, IMEI numbers, and driver licenses information. Motherboard said that it was provided with some samples of data and was able to confirm that they contained accurate information on T-Mobile customers.

T-Mobile says that the entry point used to gain access to the data has been closed, and it is now conducting a "deep technical review" of the situation to determine the nature of the data that was obtained. The company will not be able to confirm the reported number of records affected until the internal investigation is complete, and it plans to proactively communicate with customers when the information is available.

Top Rated Comments

LawJolla Avatar
28 months ago
I own a small car dealership and I encrypt all of my customer's data at rest. I could hand my database to a hacker with next to nothing compromised. You'd need to dump my database and steal the secret in memory key.

In 2021 these billion dollar companies need to be held accountable. Unacceptable.
Score: 65 Votes (Like | Disagree)
lip008 Avatar
28 months ago
Anytime I've had to go into Sprint or T-Mobile they required a scan of my driver's license. It's been a pita to access the account or go into the store for a while now all in the name of security! Guess that was all for nothing! Status quo....we'll get 18 months of credit monitoring and $8 from the lawsuit outcome in 2025...
Score: 23 Votes (Like | Disagree)
Wags Avatar
28 months ago
Companies should be fined heavily for stuff like this. Many don’t invest enough resources to be responsible but not enough public outrage. Will be no news by tomorrow.
Score: 20 Votes (Like | Disagree)
Graphikos Avatar
28 months ago

I own a small car dealership and I encrypt all of my customer's data at rest. I could hand my database to a hacker with next to nothing compromised. You'd need to dump my database and steal the secret in memory key.

In 2021 these companies need to be held accountable. Unacceptable.
That all sounds nice in theory but as we know nothing is ever 100% secure. For a small business, you can more easily lock things down and restrict access. When you talk about large corporations with so many different facets and functions it becomes much harder to grant access to those who need it, trust everyone that is involved, and keep hardware and software secure. There are just so many more variables that you really can't compare.
Score: 17 Votes (Like | Disagree)
SFjohn Avatar
28 months ago
That’s totally unacceptable in this day and age. As a T-mobile customer for years now, this is really bad. Social Security numbers, phone numbers, names, physical addresses, IMEI numbers, and driver licenses information! What else? Mother’s Maiden Name? T-Mobile needs to pay for a lifetime of fraud monitoring on every account stolen!
Score: 14 Votes (Like | Disagree)
ouimetnick Avatar
28 months ago
? I switched from AT&T to T-Mobile this past May…. ??
Score: 12 Votes (Like | Disagree)

Popular Stories

iPhone 16 Mock Header With Dynamic Island

Skipping the iPhone 15 Pro? Here's What's Rumored for iPhone 16 Pro

Friday September 22, 2023 9:29 am PDT by
Are you skipping the iPhone 15 Pro and waiting another year to upgrade? If so, we already have some iPhone 16 Pro rumors for you. Below, we recap new features rumored for the iPhone 16 Pro models so far:Larger displays: The iPhone 16 Pro and iPhone 16 Pro Max will be equipped with larger 6.3-inch and 6.9-inch displays, respectively, according to Ross Young, CEO of Display Supply Chain...
Update Your iPhone 15 to iOS 17

Warning: Update Your iPhone 15 to iOS 17.0.2 Before Transferring Data From Another iPhone

Friday September 22, 2023 6:36 am PDT by
If you are unboxing an iPhone 15, iPhone 15 Plus, iPhone 15 Pro, or iPhone 15 Pro Max today, make sure to update the device to iOS 17.0.2 before transferring data to the device from another iPhone, or else you might encounter issues. iOS 17.0.2 is only available for the iPhone 15 lineup. Apple says the update fixes an issue that may prevent transferring data directly from another iPhone...
iOS 17

Apple Releases iOS 17.0.1 and iPadOS 17.0.1 With Bug Fixes, Plus iOS 17.0.2 for iPhone 15 Models

Thursday September 21, 2023 10:28 am PDT by
Apple today released iOS 17.0.1 and iPadOS 17.0.1 updates for the iPhone and the iPad, adding bug fixes to the new software. The iOS 17.0.1 and iPadOS 17.0.1 updates come just a few days after Apple launched iOS 17 and iPadOS 17. The software, which is build 21A340, can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General > Software Update. There is a...
Apple Watch Ultra 2 double tap gesture 230912

watchOS 10.1 to Enable Apple Watch's New 'Double Tap' Gesture

Thursday September 21, 2023 12:52 pm PDT by
The new Double Tap gesture for the Apple Watch Series 9 and the Apple Watch Ultra 2 will be enabled starting with watchOS 10.1, according to Marques Brownlee, host of the popular tech-focused YouTube channel MKBHD. The first beta of watchOS 10.1 will likely be available by next week, and Apple announced that the software update will be released next month. Brownlee shared his impressions...