T-Mobile has confirmed that its computer systems were accessed without permission and says it’s now conducting an investigation to determine the full extent of the hack.
The announcement follows claims on Sunday, August 15, that a hacker was in possession of data belonging to 100 million T-Mobile customers and was trying to sell it via an underground forum.
T-Mobile said that at this stage it could only confirm that “unauthorized access to some T-Mobile data” had taken place, adding that it had not yet determined if any customer data is involved.
The company, which last year merged with Sprint in a deal worth $26 billion, said that it had closed the entry point used by the hacker to gain access to its systems and is now trying to work out how many customers have been impacted by the incident.
The company added that it is “working around the clock” to investigate the data breach, and is coordinating its efforts with law enforcement.
The data breach came to light on Sunday when a post was spotted on an underground forum offering customer data linked to 100 million people. After being contacted by news site Motherboard, the seller claimed the data belonged to T-Mobile customers.
The stolen data, some of which was viewed by Motherboard, includes names, social security numbers, phone numbers, home addresses, driver license information, and unique International Mobile Equipment Identity (IMEI) numbers.
Those behind the hack are trying to sell the data in blocks containing information linked to tens of millions of T-Mobile customers, with 6 bitcoin — currently worth about $285,000 — sought for each block.
The breach is the latest in a string of similar incidents to have hit T-Mobile customers in recent years, though the one reported this week could turn out to be the most serious yet.
At the start of this year the company confirmed unauthorized access to information linked to up to 200,000 of its customers. In another incident, in 2019, around 1 million T-Mobile customers were caught up in another data breach, and a year earlier around 2 million customers may have had their personal details stolen by hackers.
In its message posted on Monday, T-Mobile said that once it has a more complete picture of what took place, it will update customers directly.