T-Mobile US Inc. acknowledged earlier today that it is investigating a possible data breach potentially affecting more than 100 million users. It is being reported that a hacker is attempting to sell, online, private and personally identifiable information of T-Mobile users that includes names, Social Security numbers, addresses, phone numbers, and driver’s license information. As of Sunday, the asking price for data belonging to 30 million T-Mobile customers is six bitcoins (approximately $270,000). Whether the data is legitimate, or if the reported number of affected users is real, remains to be seen.
In a statement released on Sunday, T-Mobile acknowledged, “[w]e are aware of claims made in an underground forum and have been actively investigating their validity...We do not have any additional information to share at this time.”
Update on August, 18, 2021
T-Mobile US Inc. provided an update, Wednesday, August 18, 2021, on its ongoing investigation into a cyberattack on its systems and has confirmed that personal data of about 7.8 million of its current postpaid customers, about 850,000 of its prepaid customers, and more than 40 million records of former or prospective customers were also stolen.
While the company has confirmed that the compromised data included customers’ first and last names, date of birth, social security numbers, and driver’s license information the company noted, in a statement, “[i]mportantly, no phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of these files of customers or prospective customers.”
T-Mobile has previously assured customers that it is confident that it has closed and secured the entry point previously used by the hacker to access the data.
Nixon Peabody’s Cybersecurity and Privacy Team will continue to monitor developments and any fallout concerning this revelation.