Yesterday we brought you news of the potential leak of personal data of up to 100 million T-Mobile USA users, with customer details including full address and social security numbers being up for sale in the seedier parts of the internet.
This morning T-Mobile has confirmed that there has in fact been a breach – the fifth known T-Mobile breach in less than three years.
A T-Mobile statement said: “We have been working around the clock to investigate claims being made that T-Mobile data may have been illegally accessed. We take the protection of our customers very seriously and we are conducting an extensive analysis alongside digital forensic experts to understand the validity of these claims, and we are coordinating with law enforcement.
The company continues: “We have determined that unauthorized access to some T-Mobile data occurred, however, we have not yet determined that there is any personal customer data involved.”
The carrier says the backdoor for the attack has now been closed (which we reported yesterday) and it is now “continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed.”
You would imagine now that T-Mobile is getting pretty good at this as it seems to rapidly becoming a thing that the telco is seen as a soft target.
Let's stay safe out there
Due to the nature of the information, up for grabs to all and sundry on the Dark Web a few password changes here and there are not going to be able to secure you against potential fraud if you are unlucky enough to be selected as a target by anybody who purchases said data.
All we can (strongly) suggest at this time is that you keep a close eye on your own circumstances for any suspicious activity, and not just in the short term as it may take some time for your data to be bought up and utilized by bad actors. Hopefully, the extent of what has been taken will come out shortly, but at this stage, it is not sounding like good news.
Once again we will point you to our excellent guide on staying safe online as a great starting point for your internet safety.
We think it is about time these companies who are keen to harvest all your personal data start to come under serious pressure from the authorities when they fail to look after it properly.