Update: T-Mobile has confirmed a security breach, but says it doesn’t yet know the extent of it. Statement below.

A hacker is selling what they claim is personal data from 100 million T-Mobile customers in the US, stating that this means full records for each customer, including social security numbers…

Motherboard reports.

The forum post itself doesn’t mention T-Mobile, but the seller told Motherboard they have obtained data related to over 100 million people, and that the data came from T-Mobile servers […]

Motherboard has seen samples of the data, and confirmed they contained accurate information on T-Mobile customers.

“T-Mobile USA. Full customer info,” the seller told Motherboard in an online chat. The seller said they compromised multiple servers related to T-Mobile.

The data appears comprehensive:

  • Names
  • Social security numbers
  • Phone numbers
  • Physical addresses
  • Unique IMEI numbers
  • Driver license information

The hacker says they are privately selling much of the data, but can supply 30 million social security numbers and driver license details for 6 bitcoin ($270,000). This data would be a prime target for identify theft.

T-Mobile initially neither confirmed nor denied the claim, but later issued an updated statement.

We have determined that unauthorized access to some T-Mobile data occurred, however we have not yet determined that there is any personal customer data involved. We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed.

This investigation will take some time but we are working with the highest degree of urgency. Until we have completed this assessment we cannot confirm the reported number of records affected or the validity of statements made by others.

We understand that customers will have questions and concerns, and resolving those is critically important to us. Once we have a more complete and verified understanding of what occurred, we will proactively communicate with our customers and other stakeholders.

Earlier this summer, there was another major privacy fail when a hacker managed to scrape the data of 700 million LinkedIn users.

second massive LinkedIn breach reportedly exposes the data of 700M users, which is more than 92% of the total 756M users. The database is for sale on the dark web, with records including phone numbers, physical addresses, geolocation data, and inferred salaries.

The hacker who obtained the data has posted a sample of 1M records, and checks confirm that the data is both genuine and up-to-date.

Photo: Mika Baumeister/Unsplash

FTC: We use income earning auto affiliate links. More.


Check out 9to5Mac on YouTube for more Apple news:

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author

Ben Lovejoy's favorite gear