U.S. telecom large T-Mobile is looking into an alleged huge data breach which will have compromised greater than 100 million customers.
In response to Vice’s Motherboard, T-Mobile is investigating an alleged data breach claimed by the creator of the put up on an underground discussion board. The Aug. 15 report says the hacker claims to have obtained data on greater than 100 million customers from T-Mobile servers.
The vendor is asking for six BTC — roughly $287,000 at present costs, in trade for some of the data.
Motherboard has seen samples of the data which embody social safety numbers, telephone numbers, names, bodily addresses, distinctive IMEI numbers and driver license info.
The vendor informed the outlet that they’re privately promoting most of the data in the intervening time, however will hand over a subset of the data containing 30 million social safety numbers and driver licenses for the BTC ransom.
Referring to T-Mobile’s alert and potential response to the breach, the hacker mentioned “I think they already found out because we lost access to the backdoored servers.”
A T-Mobile spokesperson mentioned that the corporate is “aware of claims made in an underground forum” and is “actively investigating their validity” adding: “We do not have any additional information to share at this time.”
It is not the first time T-Mobile has been at the center of a cyber-security scandal. In February, the mobile carrier was sued by a victim who lost $450,000 in Bitcoin in a SIM-swap attack.
A SIM-swap attack occurs when the victim’s cell phone number is stolen. This can then be used to hijack the victim’s online financial and social media accounts by intercepting automated messages or phone calls that are used for two-factor authentication security measures.
In this case, the victim Calvin Cheng accused T-Mobile of failing to implement adequate security policies to prevent unauthorized access to its customers’ accounts.
T-Mobile was also sued in July 2020 by the CEO of a crypto firm over a series of SIM-swaps that resulted in the loss of $8.7 million worth of digital assets.
In April this year, hardware wallet manufacturer, Ledger, confronted a class-action lawsuit relating to the key data breach that noticed the private data of 270,000 customers stolen between April and June 2020.