According to reports, the data contains sensitive information.
T-Mobile announced Sunday that it is investigating a forum post that claimed to have sold sensitive customer data. Motherboard reported that it was in contact with the data seller, who said they had taken data from T-Mobile’s servers that included Social Security numbers, names, addresses, and driver license information related to more than 100 million people. Motherboard reviewed the data and reported that it looked authentic.
“We are aware that claims were made in an underground forum, and have been actively investigating their validity,” a T-Mobile spokesperson stated in an email to The Verge. “We don’t have any additional information at the moment.”
It’s unclear when the data may have been accessed, but T-Mobile has been the target of several data breaches in the last few years, most recently in December 2020. Although call-related information and telephone numbers of some customers were exposed during that incident, the company stated that they did not contain any more sensitive information such as names or Social Security numbers.
Hackers accessed personal data for approximately 2 million T-Mobile customers in 2018. This information included names, addresses, and account numbers. In 2019, T-Mobile’s Prepaid customers were also affected by a breach that accessed addresses and account numbers.
A March 2020 breach exposed some T-Mobile customers’ financial information, Social Security numbers, and other accounts.