T-Mobile Hacked: Wireless carrier confirmed hackers stole about 7.8 million customers’ personal data; not just customers

Hackers strike again. On Monday, a hacker offered for sale personal data from T-Mobile customers. Now the phone carrier is confirming the hack. T-Mobile said this morning that an ongoing investigation into the attack on its systems found that some personal data of about 7.8 million of its current postpaid customers were breached.

Even though some of the details provided by T-Mobile were different from the claims made by the hacker, the carrier admitted that 47.8 million personal data, which includes both social security numbers and driver’s license details for “a subset’ of people” along with account PINs for some, were stolen.

T-Mobile added that the hack was not just limited to the current customers. Those who just applied for a T-Mobile account are also at risk, even if you just applied for a T-Mobile account.

In a statement, the company said it was made aware of the attack late last week after an online forum claimed that the personal data of its users were leaked. Personal data of about 850,000 prepaid customers and more than 40 million records of former or prospective customers were also stolen, T-Mobile said.

In a blog post on Monday, T-Mobile acknowledged the data breach and added it was confident the entry point used to access the data had been closed.

“We have determined that unauthorized access to some T-Mobile data occurred, however we have not yet determined that there is any personal customer data involved. We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed. This investigation will take some time but we are working with the highest degree of urgency. Until we have completed this assessment we cannot confirm the reported number of records affected or the validity of statements made by others.”

Last week, Motherboard reported:

The forum post itself doesn’t mention T-Mobile, but the seller told Motherboard they have obtained data related to over 100 million people, and that the data came from T-Mobile servers […]

Motherboard has seen samples of the data, and confirmed they contained accurate information on T-Mobile customers.

“T-Mobile USA. Full customer info,” the seller told Motherboard in an online chat. The seller said they compromised multiple servers related to T-Mobile.

The data appears comprehensive:

• Names
• Social security numbers
• Phone numbers
• Physical addresses
• Unique IMEI numbers
• Driver license information

The alleged hacker said they are privately selling much of the data, but can supply 30 million social security numbers and driver license details for 6 bitcoin ($270,000). This data would be a prime target for identity theft.