If you have a T-Mobile account pay attention. Even as you read this T-Mobile is investigating a suspected breach of customer personally identifiable data. As you have probably guessed, you might be caught up in another data breach.
The data reportedly includes the social security numbers, phone numbers, names, physical addresses, unique device IMEI numbers, and driver license data of roughly 100 million T-Mobile customers. That’s the mother lode! The hacker is asking for payment in bitcoin for a portion of the data containing 30 million social security numbers and driver licenses. The remaining 70 million files is reportedly being sold privately. So this information is likely headed to the criminal dark web where Social Security numbers are highly valued. According to Motherboard the hacker claims to have hacked into several T-Mobile servers.
T-Mobile has not yet acknowledged the breach only saying; “We are aware of claims made in an underground forum and have been actively investigating their validity. We do not have any additional information to share at this time.” That’s corporate speak for “We don’t know what hit us!”
Now before you panic you need to understand a few things. Fist of all this may be nothing at all since T-Mobile was hacked several times before in 2018. In that breach only about 2 million records were stolen. This suspected data breach could be a false alarm. It is not unheard of for hackers to re-sell previously stolen data as new. So we should give T-Mobile time to verify the facts. Another thing you need to consider is the amount of bitcoin the hacker is asking for. Reports are that he, or she, is only asking about 6 bitcoins which equates to $275,0000 to $300,000 for 30 million files. Another indicator this could BS. That is actually a paltry sum if the hacker indeed has 100 million records. That could indicate an amateur who is not familiar with the price of stolen data. This does not fit with known patterns of hackers stealing data. Normally a hacker would offer a sample of the data to be verified by the owner then ask for a few million dollars in bitcoin or they would sell it to the highest bidder. But of course I could be wrong. Lets wait and see.
