T-Mobile, one of the largest wireless service providers in the USA, has been hacked. The wireless carrier released a statement on August 16th, 2021 confirming the incident. According to a post published in the company’s newsroom, T-Mobile is investigating claims that sensitive company data may have been illegally accessed during a cyber incident. The investigation at T-Mobile is ongoing, and understandably, they will take their time to find out what happened before providing further communication to their customers and stakeholders.
However, in the meantime, hackers are openly selling data that they claim belongs to T-Mobile. The hackers are selling the stolen information for six Bitcoins. According to the hackers, the stolen data includes Social Security Numbers, drivers license numbers, physical addresses, phone numbers, and full names of US-based T-Mobile customers. The seller told Ars Technica that the data relates to more than 100 million people and was obtained from compromised T-Mobile servers.
The location of the hackers behind the incident is currently unknown. The bad actors confirmed to VICE that they no longer have access to the T-Mobile servers, but they had downloaded the data locally. If this hack proves to be related to so many people, it would easily be classified as one of the most significant carrier data breaches ever.
The last few years have been pretty rough for T-Mobile as this is not the first time cybercriminals have hacked the IT giant. If this hack proves to be real, which appears to be very likely, this would be their third major cyber incident since 2018. While the other two breaches reportedly exposed personal data, this would be the worst hack for them should the investigation show that SSN and drivers license numbers were among the stolen information.
What can you do?
If you are a T-Mobile past or current customer, it may be a good time to stay alert for further communication from the wireless carrier and freeze your credit with all three major credit bureaus. Leakage of names and email addresses happen more often than it should, but when drivers license numbers and SSN details leak, people need to take the matter seriously and keep an eye on credit reports for suspicious activity. Activating 2-step verification wherever possible and using highly efficient antivirus software on all your connected devices is strongly recommended.