Join our daily newsletter At The Bell to receive exclusive market insights
- US telco giant T-Mobile is the latest victim of a major cyberattack, with millions of customers allegedly having their data breached
- The mobile service provider says the information of almost 50 million current, former, and prospective customers has been compromised
- This information includes names, birthdays, social security numbers, and other identification information
- The US Federal Communications Commission (FCC) says it will investigate the incident
- The T-Mobile data breach is the latest in a string of cyberattacks against high-profile tech companies over 2021 so far
One of the largest mobile service providers in the US is the latest victim of a major cyberattack, with millions of customers allegedly having their data breached.
T-Mobile confirmed on Tuesday some of its data was illegally accessed after the news was first broken by media outlet Vice.
According to Vice, someone made a post in an underground forum claiming to have obtained data relating to over 100 million people from T-Mobile servers. The poster allegedly announced they were selling the data for six bitcoin, or around $373,000.
On Wednesday, T-Mobile said the compromised information included the names, birthdays, social security numbers, and other identification information for almost 50 million people.
Of these, 7.8 million people were existing T-Mobile customers, though the information of just over 40 million former or prospective customers who had provided their data to T-Mobile was also nabbed.
“We have no indication that the data contained in the stolen files included any customer financial information, credit card information, debit or other payment information,” T-Mobile said in a statement.
In response to the security breach, T-Mobile said it will offer customers two years of free identity protection services and contacting affected customers with recommendations to change their PIN numbers.
The telco giant said the names and PIN numbers of 850,000 pre-paid customers were exposed in the data breach, and the company has already reset all of the PINs on these accounts.
Bizarrely, not long after Vice first broke the news, reports surfaced that the $373,000 asking price for the information had plummeted, and the entire set of data was instead being sold for just $200.
The seller said they were kicked out and locked out of T-Mobile’s servers soon after accessing the data, but not before downloading the entire set to a local server.
“We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed,” T-Mobile said.
FCC involvement
Following T-Mobile’s confirmation of the data breach, the US Federal Communications Commission (FCC) said it would investigate the incident.
“Telecommunication companies have a duty to protect their customers’ information,” the FCC told Reuters.
“The FCC is aware of reports of a data breach affecting T-Mobile customers and we are investigating.”
The T-Mobile data breach is the latest in a string of cyberattacks against high-profile tech companies over 2021 so far.
US software giant Kaseya, global meat processor JBS, and decentralised finance platform Poly Network have all been subject to some form of cyberattack since the start of June.
