T-Mobile is investigating claims by a hacker that they have put sensitive information about more than 100 million of the company’s customers up for sale after breaching its servers.
T-Mobile confirmed on Monday that some of its data was accessed without authorization. The company says it has not determined if the data included personal information or the number of records affected.
“We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed,” the company said in a statement. “This investigation will take some time but we are working with the highest degree of urgency.”
T-Mobile said it is coordinating its investigation with law enforcement.
The data acquired by the hacker appears to include names, Social Security numbers, addresses, phone numbers and driver’s license information, Motherboard first reported. The sales ad for the data asks for roughly $278,781 worth of bitcoin in exchange for 30 million Social Security numbers and driver’s licenses from the data set.
T-Mobile has just over 100 million customers in the United States, meaning that the data set could cover a significant portion of its U.S. consumers.
The hacker selling the set told Motherboard that it retrieved the data from multiple T-Mobile servers that the company has since regained control over. Motherboard confirmed that samples of the data matched T-Mobile customers.
The breach would be the fifth the company has suffered in four years. T-Mobile disclosed a smaller breach of roughly 200,000 users in January that included phone numbers and some call-related information. No personal or financial information was exposed.
Updated 8/16/21: to include a response from T-Mobile