On Wednesday, mobile telecommunications company T-mobile revealed that an investigation into a cyberattack on its systems has shown that the personal information of about 7.8 million of its current postpaid customers had been compromised by hackers. In a statement by the company, T-Mobile was oblivious to the hack until an online forum claimed that the personal information of some of its customers have been leaked, and this led to the still ongoing investigation that showed that indeed this was true.
T-Mobile said that the data of about 850,000 prepaid customers were also stolen and that the records of over 40 million previous and prospective customers were also stolen. The information of customers that had been stolen included their full names, social security numbers, dates of birth, and information relating to their driver’s license. T-Mobile, however, failed to make it known if the financial details of customers were compromised.
T-Mobile became aware of the hack late last week and assured the public on Monday that the entry point that the hackers had used to access the aforementioned data of its customers had been closed. A Monday statement said that “we have been working around the clock to investigate claims being made that T-Mobile data may have been illegally accessed. We have determined that unauthorized access to some T-mobile data occurred, however, we have not yet determined that there is any personal customer data involved. We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed”.
Data hacks are not a new thing and it remains a huge challenge for companies across industries such as telecommunications, finance, etc. The T-Mobile breach can hardly be ignored because of the amount of information that was stolen, and how sensitive this information is. The data breach was first reported on Sunday by Motherboard who claimed that someone on the dark web wanted to sell some of the data of T-Mobile customers for six Bitcoin.
Speaking about the occurrence, the Director of Threat Intelligence at Abnormal Security said that “this is ripe for using the phone numbers and names to send out SMS-based phishing messages that are crafted in a way that’s a little bit more believable”, emphasizing how the sensitive data of customers can be used by the potential buyer in ways that could yet be imagined.