The recent T-Mobile data breach in which a hacker claims to have stolen the personally identifiable information (PII) of roughly 100m of the mobile carrier’s customers may actually be much worse as the company has revealed new details from its investigation into the matter.
Earlier this week, a hacker posted on an underground forum in an attempt to sell a pool of data on the company’s customers which reportedly included their social security numbers (SSN), phone numbers, names, addresses, unique IMEI numbers and driver’s license information.
Now though, T-Mobile has confirmed in a new post on its site that 7.8m of its current postpaid or on contract customers did have all of the data mentioned above stolen as a result of the breach. However, the hacker was also able to acquire their IMEI (International Mobile Equipment Identity) that is assigned to every mobile device as well as their IMSI (International Mobile Subscriber Identity) that is used to identify their SIM card.
While a cybercriminal could use the exposed personal information of affected T-Mobile customers to commit identity theft, their IMSI information could potentially be used in SIM swapping attacks where an attacker takes over a user’s phone number to intercept two-factor authentication (2FA) codes as well as other data being sent to their smartphone.
T-Mobile data breach
T-Mobile also revealed that an additional 5.3m of its postpaid customers are affected by the breach though apparently their driver’s licenses and social security numbers weren’t exposed.
The accounts of 667k former T-Mobile customers were exposed as well though thankfully, former Sprint prepaid and Boost Mobile customers didn’t have their information stolen during the breach. Unfortunately, the same can’t be said for 52k Metro by T-Mobile customers who also had their information stolen.
Both T-Mobile and he FCC are currently investigating the data breach and so far, one class-action lawsuit has been filed against the mobile carrier.
Current T-Mobile customers who are concerned that their data may have been exposed can visit this page for more information on how to sign up for the company’s Scam Shield which offers scam-blocking protection and other anti-scam features. The company is also offering a free two year subscription to McAfee’s ID Theft Protection service to affected customers.
We’ll likely hear more regarding the breach and how the hacker was able to penetrate T-Mobile’s systems once the company and the FFC’s investigation is complete.
Via The Verge