T-Mobile CONFIRMS it has been hacked amid claims 100m customers' social security numbers, driver licenses and personal details were stolen and are on sale for $270,000 worth of Bitcoin
T-Mobile has confirmed its servers have been hacked - but refused to confirm claims 100 million customers personal data - including social security numbers and drivers licenses - are now for sale online.
The hack was confirmed Monday afternoon, with a spokesman saying: 'We have determined that unauthorized access to some T-Mobile data occurred, however we have not yet determined that there is any personal customer data involved.'
T-Mobile offered no further details of the breach, or confirmation that details including the names, addresses and unique phone serial numbers - known as IMEIs - of almost its entire customer base had been compromised.
Cyberscoop reporter Tonya Riley tweeted that the telecoms giant had told her it was confident it had sealed-off the security loophole that had allowed the hack to happen, and that it was working with law enforcement to investigate the crime.
The unconfirmed allegations about what exactly the hack involved could mean nearly all T-Mobile's 104.8 million subscribers would be affected,
That would mark a stunning public relations blow for the company and CEO Mike Sievert, who took over last year upon the merger with Sprint.
'We are aware of claims made in an underground forum and have been actively investigating their validity. We do not have any additional information to share at this time,' a T-Mobile spokesperson said in a statement on Sunday.
U.S.-based digital media outlet Vice first reported the claims of a data breach. The veracity of the hacker's claims could not be independently verified.
T-Mobile is investigating a claim on an underground forum post which says the personal data of over 100 million users have been breached. T-Mobile CEO Mike Sievert is seen above
According to the report in Vice's Motherboard, the forum's post does not mention T-Mobile, but the hacker told Vice they have obtained data of over 100 million people and that the data came from T-Mobile servers.
The data included information such as social security numbers, phone numbers, names, physical addresses and driver licenses information, the report added.
The hacker also claims to have obtained the IMEI numbers that act as a unique fingerprint identifying mobile devices.
In the online forum, the hacker is asking for six Bitcoin for a subset of the data containing 30 million social security numbers and driver licenses, while the rest of the data is being sold privately, according to the Vice report.
It is not the first breach to impact T-Mobile customers. In 2018, the company was hit with a breach in which hackers obtained the personal data of roughly two million customers including names, addresses, and account numbers.
In 2019, hackers gained access to the personal data of some of T-Mobile's prepaid customers.
The hacker claimed the data included information such as social security numbers, phone numbers, and driver licenses information
And a March 2020 breach exposed the social security numbers, financial information, and account information of some T-Mobile customers.
T-Mobile completed its merger with Sprint last April, making it the second largest wireless phone carrier in the U.S.
The company reported a subscriber base of 104.8 million in the second quarter of 2021, second only to Verizon with 121.3 million subscribers.
Verizon has also been targeted by hackers seeking to steal and sell customer information, and in 2017 a breach exposed the account details of some 14 million subscribers.
Shares of T-Mobile were down as much as 2 percent in pre-market trading on Monday.