T-Mobile is looking at a possible data breach affecting 100mn users

T-Mobile is looking at a possible data breach affecting 100mn users

T-Mobile, the largest wireless carrier in the United States, is investigating an alleged massive data breach. That could have affected more than 100 million customers.

T-Mobile is investigating an alleged data breach claimed by the author of the post on an underground forum. According to Vice’s Motherboard. According to the report, the hacker claims to have gotten data on over 100 million T-Mobile customers from T-Mobile servers.

In exchange for some of the data, the seller is asking for 6 bitcoins (approximately $287,000 at current prices).

Social security numbers, phone numbers, names, physical addresses, unique IMEI numbers. And driver license information among the data samples seen by Motherboard.

The seller told the outlet that they are currently selling the majority of the data privately. But that in exchange for the BTC ransom. They will hand over a subset of the data containing 30 million social security numbers and driver licenses.

“I think they already found out because we lost access to the backdoored servers.” the hacker said. Referring to T-alert Mobile’s and possible response to the breach.

The company is aware of claims and investigating

The company is “aware of claims made in an underground forum” and “actively investigating their validity”. According to a T-Mobile spokesperson, who added, “We do not have any additional information to share at this time.”

T-Mobile isn’t the first company to be involved in a cyber-security scandal. A victim of a SIM-swap attack who lost $450,000 in Bitcoin sued the mobile carrier in February.

When a victim’s cell phone number is stolen, a SIM-swap attack occurs. This is used to gain access to the victim’s online finances. And social media accounts by intercepting two-factor authentication security messages or phone calls.

Calvin Cheng, the victim, in this case, accused T-Mobile of failing to implement adequate security policies. That is to protect its customers’ accounts from unauthorized access.

In July 2020, T-Mobile was sued by the CEO of a cryptocurrency firm for a series of SIM swaps. Also, that resulted in the loss of $8.7 million in digital assets.

Moreover, Ledger, a hardware wallet manufacturer, was hit with a class-action lawsuit in April this year over a major data breach. In addition, that saw the personal information of 270,000 customers stolen between April and June 2020.

...