T-Mobile has confirmed it is “looking into” what is potentially a catastrophic data breach of over 100 million customer records.
The seller of the data has said they are in possession of Social Security numbers, names, and addresses, as well as driver license information for this huge number of the firm’s users.
News site Motherboard has seen a sample of the data and believes it to be genuine, which will mean a massive headache on the horizon for both T-Mobile and its customers in the USA.
The hacker is attempting to sell the data via an underground internet forum and is asking for 6 Bitcoin (approximately $270,000)for a subset of 30 million complete records. The rest of the data is being sold privately which sounds even more worrying.
The seller claims the data had been backed up in multiple places before T-Mobile appears to have slammed shut the backdoor they used on “multiple servers related to T-Mobile”.
T-Mobile said in a statement to Motherboard that “We are aware of claims made in an underground forum and have been actively investigating their validity. We do not have any additional information to share at this time.” T-Mobile repeatedly declined to answer follow-up questions about the scale of the breach.
How to protect yourself after the T-Mobile hack
So what can you do if you are a T-Mobile user? Well for starters, at this stage the information we have is that the breach is of USA-based records. So if you are outside of the territory it’s best to just keep a close eye on developments and hope it doesn’t expand.
Secondly, the breach at this stage is unconfirmed but that does not mean you should sit back and relax until T-Mobiles PR department finishes a statement full of positive spin.
Due to the nature of the information that seems to have been stolen, it doesn’t look like a simple password change here and there is going to make any difference as they have your social security details and address.
What it is worth doing is keeping an extra close eye on your accounts and credit records for anything at all that looks out of the ordinary. If 100 million people have had their data stolen you would still need to be unfortunate to get ripped off, but these guys aren’t selling this information to people for fun.
Make sure you stay as safe as possible on the internet by following our advice carefully.