The US telecom giant T-Mobile has confirmed on Sunday that hackers are selling the data of more than 100 million customers for roughly $277,000. T-Mobile is investigating the data breach after the threat actors claimed to hack the servers and the databases of millions of customers.
On Sunday, Motherboard reported that it was in contact with the seller, who said they took data from T-Mobile’s servers that have details like Social Security numbers, names, addresses, driver licenses of the customers.
100 Million T-Mobile Customers Data including unique IMEI numbers, Names, & Other Details Stolen
According to the reports, the hackers have hacked T-Mobile’s production, servers, and staging around two weeks ago; even the Oracle database server is hacked.
A T-Mobile spokesperson said to The Verge,
“We are aware of claims made in an underground forum and have been actively investigating their validity. We do not have any additional information to share at this time.”
Cyble, a Cybersecurity intelligence firm, said that the threat actor had stolen approximately 106GB of data, including the customer relationship management (CRM) database of T-Mobile. The motherboard was the first that reported this data breach.
In the last few years, T-Mobile has been the target of several data breaches. The most recent one is in December 2020, when call-related information and phone numbers of few customers were exposed, but it did not have more sensitive information like names or Social Security numbers.
This is not the first time T-Mobile has been scandal. Earlier, in February, the company was sued by a victim who lost $450,000 in Bitcoin in a SIM-swap attack.
In 2019, a few of the prepaid customers of T-Mobile were affected by a breach that hacked the names, addresses, and account numbers. In 2018, around 2 Million T-Mobile customers’ personal information was hacked.