Yesterday, T-Mobile confirmed that it is looking at an online forum post that claims to be selling a large trove of its customer’s sensitive data. Motherboard reported that the seller of the data said they have taken data from T-Mobile’s servers that included Social Security numbers, names, addresses, and driver license information.
In the report, it was mentioned that the seller has information of more than 100 million people. The publisher reviewed samples of the data and confirmed it appears authentic.
In an email to The Verge, a T-Mobile spokesperson said “We are aware of claims made in an underground forum and have been actively investigating their validity. We do not have any additional information to share at this time.”
It is not clear how the data has been accessed. However, it should be noted that T-Mobile has been the target of several data breaches in the last few years. Just a few months ago, in December last year, call related information and phone numbers of some of its customers have been exposed. At that time, the company said, the data breach did not include more sensitive information like names or Social Security numbers.
Three years ago, in 2018, a group of hackers accessed the personal information of roughly 2 million T-Mobile customers. At that time, the data breach included names, addresses, and account numbers. Again in 2019, some of T-Mobile’s prepaid customers were affected by a breach that revealed their names, addresses, and account numbers. In March 2020, a data breach exposed some T-Mobile customer’s financial information, Social Security numbers, and other account-related information.
As per the trend, it seems, the company has faced innumerable data breaches over the years and it is high time that it focuses on security. We have to wait and see what steps the company takes to neutralize further data breach attempts.