Massive new T-Mobile data breach may have exposed data of 100 million users

Hackers are apparently selling the stolen data on an underground forum.

What you need to know

• T-Mobile is investigating a post on an online forum that claims hackers have obtained personal data of over 100 million users from its servers.
• The breached data allegedly includes the users’ names, phone numbers, social security numbers, addresses, driver licenses information, and more.
• The seller on the underground online forum is asking for 6 bitcons (around $270,000) for a subset of the data.

A new data breach may have exposed the personal data of more than 100 million T-Mobile customers, according to Motherboard. T-Mobile, which has one the best 5G networks in the US, confirmed to the publication that it is currently investigating the claim made on an underground forum.

When reached out for a comment, a T-Mobile spokesperson told Android Central:

We are aware of claims made in an underground forum and have been actively investigating their validity. We do not have any additional information to share at this time.

The data, which is is said to contain highly sensitive information such as the users’ phone numbers, social security numbers, names, unique IMEI numbers, physical addresses, as well as driver licenses information. Motherboard says it has seen samples of the breached data and that they appear to contain “accurate information on T-Mobile customers.”

The seller on the underground forum is asking for 6 bitcoins (around $270,000) for a subset of the data with 30 million social security numbers and driver licenses. The rest of the data is apparently being sold privately at the moment. Although it looks like T-Mobile has kicked the hackers out of its servers, the sellers say they have already downloaded the data locally, and it is now “backed up in multiple places.”

At this point, it isn’t clear when the hackers managed to access the data from T-Mobile’s servers. However, this isn’t the first time that hackers have managed to access users’ personal information from T-Mobile’s servers. In December last year, a security breach had exposed phone numbers and call-related details of around 200,000 T-Mobile customers.

In March 2020, a similar breach ended up exposing the personal information of some T-Mobile customers — including social security numbers, financial account information, social security numbers, as well as billing and account information. And in 2018, nearly 2 million T-Mobile customers were affected by a data breach that exposed their names, physical addresses, and account numbers.