T-Mobile today confirmed that some of its data had been accessed without authorization in a breach that may impact more than 100 million of its users.
Over the weekend, T-Mobile began investigating a forum post that offered data from more than 100 million people. T-Mobile was not mentioned in that post, but the person selling the data told Motherboard that it had come from T-Mobile’s servers, thus leading T-Mobile to look into it. The hacker who spoke to Motherboard claimed that several T-Mobile servers had been breached.
T-Mobile has now confirmed that there was indeed unauthorized access to some customer data, but T-Mobile in a statement says it does not yet know if personal customer data has been accessed.
We have been working around the clock to investigate claims being made that T-Mobile data may have been illegally accessed. We take the protection of our customers very seriously and we are conducting an extensive analysis alongside digital forensic experts to understand the validity of these claims, and we are coordinating with law enforcement.
We have determined that unauthorized access to some T-Mobile data occurred, however we have not yet determined that there is any personal customer data involved. We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed. This investigation will take some time but we are working with the highest degree of urgency. Until we have completed this assessment we cannot confirm the reported number of records affected or the validity of statements made by others.
We understand that customers will have questions and concerns, and resolving those is critically important to us. Once we have a more complete and verified understanding of what occurred, we will proactively communicate with our customers and other stakeholders.
According to the original forum post, the data for sale includes social security numbers, phone numbers, names, physical addresses, IMEI numbers, and driver licenses information. Motherboard said that it was provided with some samples of data and was able to confirm that they contained accurate information on T-Mobile customers.
T-Mobile says that the entry point used to gain access to the data has been closed, and it is now conducting a “deep technical review” of the situation to determine the nature of the data that was obtained. The company will not be able to confirm the reported number of records affected until the internal investigation is complete, and it plans to proactively communicate with customers when the information is available.