T-Mobile says 48 million current and former customers impacted by hack, offers free identity...

midian182

Posts: 7,159   +64
Staff member
In brief: T-Mobile has now confirmed that data on approximately 48 million former and current customers was stolen during an attack on the company. As such, it will offer those affected two years of free identity theft protection.

Earlier this week, it was reported that a hacker was offering to sell T-Mobile customer data. They claimed to have information relating to 100 million accounts, asking 6 Bitcoin, around $270,000, for a subset that contained info on 30 million social security numbers and driver licenses.

T-Mobile said it was investigating the incident. It confirmed on Monday that there had been unauthorized access to company data, but it had yet to determine if customer information was compromised. It has now been confirmed that the hacker accessed data relating to around 48 million customers, which includes first and last names, dates of birth, social security numbers, and driver’s license information.

“While our investigation is still underway and we continue to learn additional details, we have now been able to confirm that the data stolen from our systems did include some personal information,” T-Mobile told Gizmodo.

T-Mobile added that there is no indication the stolen files contained customer financial information, credit card information, debit, or other payment information. It says that current, former, and prospective customers may have been impacted.

“Our preliminary analysis is that approximately 7.8 million current T-Mobile postpaid customer accounts’ information appears to be contained in the stolen files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile.”

T-Mobile is now encouraging customers to change their PINs and sign up for its Account Takeover Protection service. It has also pledged to give out two years of free identity protection through McAfee’s ID Theft Protection Service.

While the hacker still insists they stole data related to 100 million customers, T-Mobile claims the actual figure is closer to 48 million. Either way, it’s still a massive number and will be a huge PR blow to a company with a history of being hacked.

Permalink to story.

 

Plutoisaplanet

Posts: 541   +822
I'm not a fan of T-Mobile and I think IT security is very important for companies, but this is getting ridiculous. The US government needs to go after the buffoons who currently can freely go after any company and use their work for financial gain. The sad part of it is that the people who really suffer here are the everyday man... This, with the Accellion, Colonial Pipeline and record number of cyber security incidents in 2021 show it's like the wild west on the Internet right now.

This is another important issue that Biden needs to tackle. Throwing 0.1% of money from the infrastructure bill at others to fund any cybersecurity related efforts is worthless. We need funding for investigations into cybersecurity incidents and serious international cooperation to scare the bejeezus out of anyone unauthorized who is considering attacking technological infrastructure for monetary gain.
 
Last edited:

wiyosaya

Posts: 6,530   +4,920
I'm not a fan of T-Mobile and I think IT security is very important for companies, but this is getting ridiculous. The US government needs to go after the buffoons who currently can freely go after any company and use their work for financial gain. The sad part of it is that the people who really suffer here are the everyday man... This, with the Accellion, Colonial Pipeline and record number of cyber security incidents in 2021 show it's like the wild west on the Internet right now.

This is another important issue that Biden needs to tackle. Throwing 0.1% of money from the infrastructure bill at others to fund any cybersecurity related efforts is worthless. We need funding for investigations into cybersecurity incidents and serious international cooperation to scare the bejeezus out of anyone unauthorized who is considering attacking technological infrastructure for monetary gain.
Don't forget. Biden would only sign the bill. There are a bunch of lawmakers that wrote the bill. Contact yours and give them your input.
 

Markoni35

Posts: 1,290   +518
The US government needs to go after the buffoons who currently can freely go after any company and use their work for financial gain.

The problem is that many of those "buffoons" are actually government agencies, or hackers sponsored by those agencies, certain political groups, big corporations and rich elite.

Have you noticed that Google never gets hacked (okay, maybe once, but that was a long time ago)? Isn't it weird, considering they hold all the data about everyone? They have more data than NSA. A perfect target. And yet, hackers somehow don't wanna hack them.

One could say "Oh, that's because they have the best security experts". Bullcrap. Anyone can be hacked. Even the best security can be bypassed. Unless, of course, they cooperate with the most successful hacker groups. And entities who are responsible for inserting the security holes in CPUs, chipsets, microcontrollers and low-level software modules.

In short, US government definitely don't wanna investigate themselves. Nor their agencies (like FBI). Nor big corporations they work with.

The reason T-Mobile was hacked wasn't financial. That's just an excuse. The reason was political.
 

Puiu

Posts: 4,955   +3,829
TechSpot Elite
The problem is that many of those "buffoons" are actually government agencies, or hackers sponsored by those agencies, certain political groups, big corporations and rich elite.

Have you noticed that Google never gets hacked (okay, maybe once, but that was a long time ago)? Isn't it weird, considering they hold all the data about everyone? They have more data than NSA. A perfect target. And yet, hackers somehow don't wanna hack them.

One could say "Oh, that's because they have the best security experts". Bullcrap. Anyone can be hacked. Even the best security can be bypassed. Unless, of course, they cooperate with the most successful hacker groups. And entities who are responsible for inserting the security holes in CPUs, chipsets, microcontrollers and low-level software modules.

In short, US government definitely don't wanna investigate themselves. Nor their agencies (like FBI). Nor big corporations they work with.

The reason T-Mobile was hacked wasn't financial. That's just an excuse. The reason was political.
Or we just don't know of any Google hack even if it did happen. Who knows how many hacks have been done so far for big companies that we don't know of (hacker never released the data publicly, he was paid, etc)
 

Markoni35

Posts: 1,290   +518
Or we just don't know of any Google hack even if it did happen. Who knows how many hacks have been done so far for big companies that we don't know of (hacker never released the data publicly, he was paid, etc)

Then you have to ask yourself, how do we know about many times when Sony was hacked, or some other corporations were hacked? I'm sure they do everything possible to hide it. And yet somehow it surfaces. But for Google it never surfaces (or it did only once).

Besides, everyone knows they are the biggest info collector in the world. If they can't uncover and blackmail the hackers, nobody can. And once they can blackmail them, they can also make them hack someone, and hire someone to publish that their competitor has been hacked. That's what I would do. And they are much worse than me.
 

Puiu

Posts: 4,955   +3,829
TechSpot Elite
Then you have to ask yourself, how do we know about many times when Sony was hacked, or some other corporations were hacked? I'm sure they do everything possible to hide it. And yet somehow it surfaces. But for Google it never surfaces (or it did only once).

Besides, everyone knows they are the biggest info collector in the world. If they can't uncover and blackmail the hackers, nobody can. And once they can blackmail them, they can also make them hack someone, and hire someone to publish that their competitor has been hacked. That's what I would do. And they are much worse than me.
Money talks, if Sony didn't pay and nobody else bought the info then it's likely that it will just be posted online.

As for google hacks, I only remember of a gmail hack several years ago which stole millions of passwords. Can't seem to find it in google search right now.

I believe that many companies covered up the hacks. In Google's case, when they were hacked in 2010 (I know, it was a long time ago), they refused to cooperate with the FBI and other authorities and just handled it internally. If the hacker doesn't publish it online then it remains hidden. It's much easier to just pay the money for big companies than to deal with a PR nightmare.

But all of this is just speculation on my part. It's just that what said is highly likely to have happened.
 
Last edited: