T-Mobile hit with another security breach, leaving millions of customers exposed

T-Mobile logo (Image credit: Android Central)

Update, Aug 20 (1:30 p.m. ET): T-Mobile confirms additional compromised accounts

Update, Aug 18 (2:00 a.m. ET): T-Mobile shares more information about its ongoing investigation

Update, Aug 16 (4:30 p.m. ET): T-Mobile says there was unauthorized access to user data

What you need to know

  • T-Mobile is investigating a post on an online forum that claims hackers have obtained the personal data of over 100 million users from its servers.
  • The breached data allegedly includes the users' names, phone numbers, social security numbers, addresses, driver's license information, and more.
  • The seller on the underground online forum is asking for 6 bitcoins (around $270,000) for a subset of the data.

A new data breach may have exposed the personal data of more than 100 million T-Mobile customers, according to Motherboard. T-Mobile, which has one of the best 5G networks in the U.S., confirmed to the publication that it is currently investigating the claim made on an underground forum.

When reached for comment, a T-Mobile spokesperson told Android Central:

We are aware of claims made in an underground forum and have been actively investigating their validity. We do not have any additional information to share at this time.

The data is said to contain highly sensitive information such as the users' phone numbers, social security numbers, names, unique IMEI numbers, physical addresses, and driver's license information. Motherboard says it has seen samples of the breached data and that they appear to contain "accurate information on T-Mobile customers."

The seller on the underground forum is asking for 6 bitcoins (around $270,000) for a subset of the data with 30 million social security numbers and driver's licenses. The rest of the data is apparently being sold privately at the moment. Although it looks like T-Mobile has kicked the hackers out of its servers, the sellers say they have already downloaded the data locally, and it is now "backed up in multiple places."

At this point, it isn't clear when the hackers managed to access the data from T-Mobile's servers. However, this isn't the first time hackers have managed to access users' personal information from T-Mobile's servers. In December last year, a security breach exposed phone numbers and call-related details of around 200,000 T-Mobile customers.

In March 2020, a similar breach ended up exposing the personal information of some T-Mobile customers — including social security numbers, financial account information, as well as billing and account information. And in 2018, nearly 2 million T-Mobile customers were affected by a data breach that exposed their names, physical addresses, and account numbers.

Update, Aug 20 (1:30 p.m. ET) ― Additional accounts found to be compromised

T-Mobile has provided another update on its ongoing cyberattack investigation. As of Friday, the carrier has identified an additional 5.3 million postpaid accounts that have been illegally accessed. That's in addition to the 7.8 million that were originally identified. Information illegally accessed from these accounts included names, addresses, dates of birth, phone numbers, IMEIs, and IMSIs, but SSNs and driver's license/ID information were not compromised.

Additionally, while T-Mobile estimated that the information of roughly 40 million former or prospective customers was illegally accessed, nearly 700,000 accounts from former customers were identified as part of the attack. However, this also did not include any SSNs or driver's license/ID information.

Some information from more than 50,000 Metro by T-Mobile accounts was accessed, but none of it includes personally identifiable information.

T-Mobile also maintains that none of the stolen data includes financial information and that former Sprint prepaid and Boost customers were also not affected. The carrier continues to recommend resetting PINs, passwords, and other tools to protect your accounts.

Update, Aug 18 (2 a.m. ET) — T-Mobile confirms the data stolen from its servers included 'some' personal information

T-Mobile has shared additional information regarding the cyberattack against its systems, confirming that the stolen data did include customers' personal information such as first and last names, date of birth, and social security numbers. It believes that around 7.8 million current T-Mobile postpaid customer accounts' information might be contained in the stolen files. Over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile may have been affected as well.

As a result, the carrier is offering 2 years of free identity protection services to its customers, along with Account Takeover Protection capabilities for postpaid customers. It has also recommended all postpaid customers change their PIN.

Update, Aug 16 (4:30 p.m. ET) ― T-Mobile says severity of data breach unknown

Following reports of a massive data breach, T-Mobile has issued an update on its investigation. So far, the company has determined that there was unauthorized access to T-Mobile data but has "not yet determined that there is any personal customer data involved."

The company says that it is working with digital forensic experts and coordinating with law enforcement.

We understand that customers will have questions and concerns, and resolving those is critically important to us. Once we have a more complete and verified understanding of what occurred, we will proactively communicate with our customers and other stakeholders.

T-Mobile says that the investigation will "take some time" and that it cannot yet confirm the amount of data or users that have been affected.

Babu Mohan
News Writer