T-Mobile is grappling with yet another reported data breach. The carrier told Motherboard in a statement that it’s investigating an “underground forum” member’s claims that they’re selling data for over 100 million customers, including social security numbers and device IMEI numbers. While the scale of the breach hasn’t yet been verified, Motherboard has confirmed the authenticity of at least some of the data.
The intruder is selling data for about 30 million customers for the equivalent of $270,000 in Bitcoin. The rest of the data is reportedly being sold through private channels.
It’s not certain how the perpetrator obtained the info. T-Mobile supposedly booted the attacker out of the servers, but not before they downloaded and purportedly backed up the content.
The network has a less-than-stellar history of breaches in recent years. Hackers compromised sensitive customer info in late 2019, while a late 2020 attack scraped limited data for about 200,000 users. If the forum claims are accurate, though, this is much more serious. T-Mobile had over 104.7 million customers as of the second quarter of 2021 — this breach might affect virtually every user. While it’s not certain just how much real damage has been done, you might want to watch out for suspicious activity if you’re a magenta subscriber.
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.