T-Mobile is investigating claims of a data breach that reportedly involves information related to more than 100 million customers.
Claims of stolen customer data were first reported by Vice’s Motherboard, after a post in an online forum that purported to be selling personal information (though the post did not mention T-Mobile by name, the hacker told Motherboard data obtained was for over 100 million people and came from the carrier’s servers).
In response to questions from FierceWireless, T-Mobile said it's actively investigating whether the claims are legitimate, but did not comment further.
"We are aware of claims made in an underground forum and have been actively investigating their validity. Unfortunately, we do not have any additional information to share at this time," a T-Mobile spokesperson said via email.
According to Motherboard, the information came from T-Mobile servers and included information of social security numbers, phone numbers, names, physical addresses, unique IMEI numbers and driver licenses.
The technology outlet said it viewed samples of the data and confirmed there was accurate information about T-Mobile customers. The customer data is reportedly being sold in an underground online forum and privately, though Motherboard said it appeared T-Mobile has already blocked the hacker’s access to compromised servers.
T-Mobile has been hit by data breaches in the past, including 2019 when an attacker gained unauthorized access to prepaid customers’ service account info, affecting around 1.5% of the carrier’s customers. No financial data, passwords or social security numbers were compromised in that attack. In 2018, T-Mobile said around 3% of its customer base, or about 2 million users had their account data hacked by unknown international entity. And in 2015 T-Mobile found that personal information was stolen for 15 million people who applied for T-Mobile services when credit application vendor Experian’s systems were breached.