T-Mobile has confirmed that hackers have stolen the data belonging to at least 47 million of its customers.
The German mobile telecommunications subsidiary of Deutsche Telekom AG, also noted that the hackers are demanding payments in Bitcoins.
This would be T-Mobile’s fifth known breach in less than three years.
The company previously disclosed breaches in 2018, 2019, and 2020 as well as January of this year.
Background to the gist:
On Monday, a hacker started offering for sale personal data from T-Mobile customers.
A hacker is selling what they claim is personal data from 100 million T-Mobile customers in the US, stating that this means full records for each customer.
The forum post itself doesn’t mention T-Mobile, but the seller told Motherboard they have obtained data related to over 100 million people, and that the data came from T-Mobile servers.
Motherboard has seen samples of the data, and confirmed they contained accurate information on T-Mobile customers.
Confirming the breach, T-Mobile said the hackers truly hacked into its systems and stole some data.
T-Mobile said the hackers stole, from its system, the personal information of millions of current, former, and prospective customers.
According to the company, “”we have determined that unauthorized access to some T-Mobile data occurred.”
Earlier in a statement, T-Mobile said, “however, we have not yet determined” if the hackers breached any customer’s personal data”
“The entry point for the attack has been closed, according to the carrier, which is now “continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed.”
However, after its analysis, T-Mobile confirmed the data that the hackers stole from its system.
“Our preliminary analysis is that approximately 7.8 million current T-Mobile postpaid customer accounts’ information appears to be contained in the stolen files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile,” T-Mobile said in a statement.
What Data Did the hackers steal:
T-Mobile said the hackers stole data such as T-Mobile’s prepaid customer names, phone numbers and account PINs.
The hackers also stole the driver’s license numbers and SSNs of over 30 million T-Mobile’s customers.
SSN means Social Security number.
It is a numerical identifier which U.S. government assigns to citizens and some residents to track their income and determine benefits.
Other data the hackers stole includes: phone numbers, physical addresses, and unique IMEI numbers associated with specific phones.
The company also revealed that the hackers breached some “additional information” from inactive prepaid accounts.
It however said that “no customer financial information, credit card information, debit or other payment information or [Social Security numbers were] in this inactive file.”
Also, T-Mobile said the hackers did not steal the names and PINS of Customer in Metro by T-Mobile, Sprint, and Boost categories.
Postpaid and Prospective T-Mobile Customers:
T-Mobile said “For a subset of current and former post-pay customers and prospective T-Mobile customers,” accessed data includes customers’ first and last names, date of birth, Social Security numbers, and driver’s license/ID information, T-Mobile says.
It said hackers did not steal Phone numbers, account numbers, PINs, passwords, or financial information in any of its files.
Hackers demand payment in Bitcoins:
Meanwhile, one of the hackers who gained access to T-Mobile servers is demanding payments in Bitcoins.
The hacker is demanding 6 BTC, which is worth roughly $276,000 at Bitcoin’s current exchange rate.
The hacker is asking the cryptocurrency in exchange for the SSNs and driver’s license information of 30 million people.
Dangers you stand to face by this T-Mobile’s data breach:
If you are one of the customers of T-Mobile, then you stand to face one of these risks:
- Phishing attacks: This is a cyber attack that targets specific people with messages tempting them to click on malicious links.
- Also, the malicious messages may urge unsuspecting victims to install malware on their devices.
- With the malwares, hackers can then takeover the victims’ data, devices and wipe their accounts of money.
- The hackers can also launch other kinds of attacks on the target individuals.
Implication and what Should You Do Now To Remain Safe:
Although T-Mobile says it will publish a web page with “information and solutions” surrounding the breach, you should do these:
To avoid phishing, be wary of suspicious emails asking you to click on links.
Also, be aware of suspicious text messages asking you to provide personal information.
Meanwhile, T-Mobile has said it will offer two years of free identity protection services with McAfee’s ID Theft Protection Service.
It also said it will offer its Account Takeover Protection services to postpaid customers.
It said this move “makes it harder for customer accounts to be fraudulently ported out and stolen.”
“We take our customers’ protection very seriously and we will continue to work around the clock on this forensic investigation to ensure we are taking care of our customers in light of this malicious attack.”
“While our investigation is ongoing, we wanted to share these initial findings even as we may learn additional facts through our investigation that cause the details above to change or evolve.”
Prepaid T-Mobile Customers:
Although the hackers stole about 850,000 active T-Mobile prepaid customer names, phone numbers, and account PINs, the company has solutions.
It said it has reset all the PINs that the hackers stole.
T-Mobile also said it will contact all customers who became victims.
Action For Postpaid and Prospective T-Mobile Customers:
It recommends that postpaid customers change their PIN via their T-Mobile account or by calling 611 on their phones.
It said though “we have no knowledge that'” the hackers compromised “any postpaid account PINs.”
T-Mobile claimed the hackers did not compromise phone numbers, account numbers, PINs, passwords, or financial information.