T-Mobile hack: telecoms giant confirms unauthorised access to 'some' data, launches probe
The data breach has reportedly affected 100 million T-Mobile customers
US-based mobile operator T-Mobile confirmed on Monday that it had fallen victim to a data breach that reportedly affected about 100 million of its customers.
In an update posted on its website, the company stated that an initial investigation into the incident revealed that "unauthorised access to some T-Mobile data" had occurred, although it could not determine involvement of "any personal customer data" in the breach.
The company said it was working with law enforcement on the issue.
"We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed," it added.
News site Motherboard was first to break the news on T-Mobile hack, disclosing that someone on an underground forum claimed to have obtained data of more than 100 million people.
The forum post did not mention T-Mobile, but the seller told Motherboard that they obtained data from multiple servers related to T-Mobile.
The data included names and physical address of customers, their social security information, driver's licence information, and IMEI numbers that can uniquely identify individual mobile devices.
The report added that the hacker was selling a portion of the stolen data (containing 30 million driver licences and social security numbers) on the underground forum for 6 bitcoin (about $270,000).
Motherboard said it had seen samples of data, and that they contained accurate information on T-Mobile customers.
The hacker said they were privately selling the rest of the data at the moment and had "backed up" the data in multiple places.
In its announcement, T-Mobile said that it takes the protection of its customers very seriously and was working "with the highest degree of urgency" to investigate the breach.
"We understand that customers will have questions and concerns, and resolving those is critically important to us," it said.
"Once we have a more complete and verified understanding of what occurred, we will proactively communicate with our customers and other stakeholders."
An individual, with username ' und0xxed ' on Twitter, told Krebs on Security that they were trying to find buyers for the stolen T-Mobile customer data.
Und0xxed revealed that the breach occurred after the intruders "found an opening in T-Mobile ' s wireless data network" which allowed them to access two of T-Mobile ' s customer data centres.
From there, the hackers were able to exfiltrate several customer databases totalling more than 100 gigabytes.