T-Mobile data breach could be worse than initially thought, an update to the investigation reveals that over 54 million individuals were impacted.
T-Mobile data breach could be worse than initially thought, according to an update to the investigation over 54 million customers had their data compromised.
Recently T-Mobile has launched an investigation into a possible security breach after a threat actor started offering for sale 100 million T-Mobile customer records on the dark web.
Bleeping Computer reported that the seller was asking for 6 bitcoin (around $270,000) for 30 million social security numbers and driver licenses, while privately selling the remaining data.
Stolen records included names, dates of birth, phone numbers, addresses, social security numbers, and driver’s license information.
The company also identified the issue exploited by attackers to access its infrastructure and addressed it.
T-Mobile provided additional info about the intrusion, it confirmed that some of the stolen files did include personal information and that financial data was not compromised.
On August 17, the preliminary analysis disclosed by the carrier revealed that the intrusion impacted roughly 7.8 million current postpaid customer accounts, as well as more than 40 million records of former and prospective customers. The attackers also compromised approximately 850,000 active prepaid customers.
Now the company has updated the advisory and revealed that additional 6 million customers or prospective customers have been affected by the intrusion.
“We previously reported information from approximately 7.8 million current T-Mobile postpaid customer accounts that included first and last names, date of birth, SSN, and driver’s license/ID information was compromised. We have now also determined that phone numbers, as well as IMEI and IMSI information, the typical identifier numbers associated with a mobile phone, were also compromised. Additionally, we have since identified another 5.3 million current postpaid customer accounts that had one or more associated customer names, addresses, date of births, phone numbers, IMEIs and IMSIs illegally accessed. These additional accounts did not have any SSNs or driver’s license/ID information compromised.” reads the update. “Separately, we have also identified further stolen data files including phone numbers, IMEI, and IMSI numbers. That data included no personally identifiable information.”
The Telco confirmed that the threat actors also stole IMSI and IMEI numbers, while financial data were not exposed.
T-Mobile customers have to be vigilant on phishing emails and SMS texts, never provide their information, click on embedded links, or open attachments.
Follow me on Twitter: @securityaffairs and Facebook
Pierluigi Paganini
International Editor-in-Chief
Cyber Defense Magazine