It seems like we can’t go a week without hearing about another massive security breach at a mega-corporation. This week’s shocker comes courtesy of T-Mobile, at least according to one self-reported hacker claiming to sell the company’s customer data. T-Mobile says it’s “investigating” the possible theft of data from over 100 million people. If true, it would be the fourth notable data breach from T-Mobile in the last four years.
Vice has reportedly spoken to said hacker, who told the media outlet that the data includes the usual names, phone numbers, and IMEI data, but also includes more valuable personal information. These include drivers’ license info, social security numbers, and personal addresses. Assuming the claim is genuine, it’s a treasure trove of tools for identity theft, being sold on an underground forum for a pittance at 6 untraceable bitcoin (a little under $280,000 USD, at today’s prices).
The hacker claims that T-Mobile is aware of the theft, as they no longer have access to the information, though it’s reportedly saved in a local file. T-Mobile said that it’s investigating the claims that have been made, but has not verified them as of yet.
Customers would certainly be justified being upset with T-Mobile if their personal information was stolen, especially since opening a post-paid phone line or buying a phone on a payment plan requires the same kind of credit check as a car loan. It would be an embarrassing addition to a string of breaches for the company, most recently in December and March of last year. T-Mobile also had breaches in 2017 and 2018. This is becoming a running theme.
But in today’s world, it’s not so much if your information will be leaked, but when. Trusting corporations to be responsible stewards of your data will inevitably end in disappointment, and the only real alternative is vigilance in watching your own accounts and information for anomalies.
We’ll be watching for updates from T-Mobile on this possible hack.