T-Mobile Confirms Data Breach, Unclear If Personal Customer Data Was Accessed

T-Mobile today confirmed that some of its data had been accessed without authorization in a breach that may impact more than 100 million of its users.

tmobilelogo
Over the weekend, T-Mobile began investigating a forum post that offered data from more than 100 million people. T-Mobile was not mentioned in that post, but the person selling the data told Motherboard that it had come from T-Mobile's servers, thus leading T-Mobile to look into it. The hacker who spoke to Motherboard claimed that several T-Mobile servers had been breached.

T-Mobile has now confirmed that there was indeed unauthorized access to some customer data, but T-Mobile in a statement says it does not yet know if personal customer data has been accessed.

We have been working around the clock to investigate claims being made that T-Mobile data may have been illegally accessed. We take the protection of our customers very seriously and we are conducting an extensive analysis alongside digital forensic experts to understand the validity of these claims, and we are coordinating with law enforcement.

We have determined that unauthorized access to some T-Mobile data occurred, however we have not yet determined that there is any personal customer data involved. We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed. This investigation will take some time but we are working with the highest degree of urgency. Until we have completed this assessment we cannot confirm the reported number of records affected or the validity of statements made by others.

We understand that customers will have questions and concerns, and resolving those is critically important to us. Once we have a more complete and verified understanding of what occurred, we will proactively communicate with our customers and other stakeholders.

According to the original forum post, the data for sale includes social security numbers, phone numbers, names, physical addresses, IMEI numbers, and driver licenses information. Motherboard said that it was provided with some samples of data and was able to confirm that they contained accurate information on T-Mobile customers.

T-Mobile says that the entry point used to gain access to the data has been closed, and it is now conducting a "deep technical review" of the situation to determine the nature of the data that was obtained. The company will not be able to confirm the reported number of records affected until the internal investigation is complete, and it plans to proactively communicate with customers when the information is available.

Top Rated Comments

LawJolla Avatar
12 months ago
I own a small car dealership and I encrypt all of my customer's data at rest. I could hand my database to a hacker with next to nothing compromised. You'd need to dump my database and steal the secret in memory key.

In 2021 these billion dollar companies need to be held accountable. Unacceptable.
Score: 65 Votes (Like | Disagree)
lip008 Avatar
12 months ago
Anytime I've had to go into Sprint or T-Mobile they required a scan of my driver's license. It's been a pita to access the account or go into the store for a while now all in the name of security! Guess that was all for nothing! Status quo....we'll get 18 months of credit monitoring and $8 from the lawsuit outcome in 2025...
Score: 23 Votes (Like | Disagree)
Wags Avatar
12 months ago
Companies should be fined heavily for stuff like this. Many don’t invest enough resources to be responsible but not enough public outrage. Will be no news by tomorrow.
Score: 20 Votes (Like | Disagree)
Graphikos Avatar
12 months ago

I own a small car dealership and I encrypt all of my customer's data at rest. I could hand my database to a hacker with next to nothing compromised. You'd need to dump my database and steal the secret in memory key.

In 2021 these companies need to be held accountable. Unacceptable.
That all sounds nice in theory but as we know nothing is ever 100% secure. For a small business, you can more easily lock things down and restrict access. When you talk about large corporations with so many different facets and functions it becomes much harder to grant access to those who need it, trust everyone that is involved, and keep hardware and software secure. There are just so many more variables that you really can't compare.
Score: 17 Votes (Like | Disagree)
SFjohn Avatar
12 months ago
That’s totally unacceptable in this day and age. As a T-mobile customer for years now, this is really bad. Social Security numbers, phone numbers, names, physical addresses, IMEI numbers, and driver licenses information! What else? Mother’s Maiden Name? T-Mobile needs to pay for a lifetime of fraud monitoring on every account stolen!
Score: 14 Votes (Like | Disagree)
ouimetnick Avatar
12 months ago
? I switched from AT&T to T-Mobile this past May…. ??
Score: 12 Votes (Like | Disagree)

Related Stories

European Commisssion

EU Member States Agree to Extend Free Mobile Roaming Policy Until 2032

Friday December 10, 2021 3:19 am PST by
So-called mobile phone "roaming" will remain free within the European Union for another decade, the European Commission has confirmed. The governing body said that a political agreement had been reached between the member states and the European Parliament to extend the practice until 2032. In a press release announcing the agreement to extend the free roaming policy, the European...
tmobilelogo

T-Mobile CEO Apologizes for Data Breach, Shares Info on Future Security Plans

Friday August 27, 2021 1:03 pm PDT by
T-Mobile CEO Mike Sievert today penned a letter to T-Mobile customers apologizing for the recent data breach that impacted more than 50 million current, former, and prospective T-Mobile users. Data that included names, phone numbers, addresses, birth dates, social security numbers, driver's license and ID info, IMEI numbers, and IMSI numbers was stolen and has been offered for sale. "We...
tmobilelogo

T-Mobile Data Breach Included Personal Information of Almost 50 Million Customers

Wednesday August 18, 2021 5:41 am PDT by
T-Mobile has issued a statement with further details about a cyberattack that the company confirmed earlier this week, confirming that the data breach included the personal information of almost 50 million current, former, and prospective customers. Late last week, T-Mobile confirmed that a forum post that purported to offer data from more than 100 million people was the result of a company...
life360 app

Tile Buyer Life360 Selling Precise Location Data on Millions of Users [Updated]

Monday December 6, 2021 1:05 pm PST by
Location tracking service Life360 has been selling the precise location data of tens of millions of its users, according to a new report shared by The Markup. Life360 bills itself as a "family safety platform" app that is meant to allow family members to keep tabs on one another with tracking software that's installed on smartphones, and there are both Android and iPhone apps. The...
apple privacy

Apple Fined $11 Million in Italy for Employing 'Aggressive Methods' in Commercial Use of Private Data

Friday November 26, 2021 2:16 am PST by
Apple and Google were today fined 10 million euros ($11 million) by Italy's Competition Authority for allegedly using user data for commercial purposes without their explicit consent, an apparent violation of Italy's Consumer Code. The authority claims that both Apple and Google utilize user data they collect through their services for promotional and economic activity without the user's...
iCloud General Feature

UK Network Operators Target iCloud Private Relay in Complaint to Regulator

Sunday March 13, 2022 3:48 am PDT by
A group of UK network operators have formally urged the UK's Competition and Markets Authority (CMA) to regulate iCloud Private Relay, claiming that Apple's privacy service is anti-competitive, potentially bad for users, and a threat to national security. In its response to the CMA's Interim Report on mobile ecosystems, Mobile UK, a trade association of British mobile network operators,...
t mobile walmart

T-Mobile's Smartphones Coming to 2,300 Walmart Locations Across the U.S.

Monday September 13, 2021 1:19 pm PDT by
T-Mobile today announced that its T-Mobile and Metro by T-Mobile smartphones will soon be available in more than 2,300 Walmart locations across the United States, significantly expanding T-Mobile's footprint. T-Mobile devices will be listed on Walmart.com, though customers will need to visit a Walmart store to make a purchase. The rollout follows the availability of T-Mobile devices in Best...
tmobilelogo

T-Mobile Says an Additional 5.3 Million Customer Accounts Were Compromised in Data Breach

Friday August 20, 2021 9:21 am PDT by
T-Mobile earlier this week shared details on a data breach where hackers gained access to the personal information of close to 50 million current, former, and prospective customers. At the time, T-Mobile said that data from 7.8 million current customers had been compromised, as well as information from 40 million former or potential customers. In an updated statement provided today, T-Mobile ...

Popular Stories

top stories 2jul2022

Top Stories: M2 MacBook Air Release Date, New HomePod Rumor, and More

Saturday July 2, 2022 6:00 am PDT by
The M2 MacBook Pro has started making its way into customers' hands and we're learning more about how it performs in a variety of situations, but all eyes are really on the upcoming M2 MacBook Air which has seen a complete redesign and should be arriving in a couple of weeks. Other top stories this week included a host of product rumors including additional M2 and even M3 Macs, an updated...
Mac Studio IO

Apple Begins Selling Refurbished Mac Studio Models

Thursday June 30, 2022 7:42 pm PDT by
Apple today began selling refurbished Mac Studio models for the first time in the United States, Canada, and select European countries, such as Belgium, Germany, Ireland, Spain, Switzerland, the Netherlands, and the United Kingdom. In the United States, two refurbished Mac Studio configurations are currently available, including one with the M1 Max chip (10-core CPU and 24-core GPU) for...
macbook air m2

Exclusive: Apple Plans to Launch MacBook Air With M2 Chip on July 15

Wednesday June 29, 2022 5:23 pm PDT by
The redesigned MacBook Air with the all-new M2 Apple silicon chip will be available for customers starting Friday, July 15, MacRumors has learned from a retail source. The new MacBook Air was announced and previewed during WWDC earlier this month, with Apple stating availability will begin in July. The MacBook Air features a redesigned body that is thinner and lighter than the previous...
13 inch macbook pro m2 mock feature 2

M2 MacBook Pro Much Slower Than Previous Model

Friday July 1, 2022 2:24 am PDT by
Apple's new 13-inch MacBook Pro with the M2 chip features a significantly slower SSD compared to the previous model, resulting in poorer performance in some workflows, it has been discovered. Specifically, it has been found that the $1,299 base model with 256GB of storage has significantly slower SSD read and write speeds compared to the equivalent previous-generation 13-inch MacBook Pro....