United States telecom giant T-Mobile is looking into an alleged massive data breach that may have compromised more than 100 million users.
According to Vice’s Motherboard, T-Mobile is investigating an alleged data breach claimed by the author of the post on an underground forum. The Sunday report says the hacker claims to have obtained data on more than 100 million customers from T-Mobile servers.
The seller is asking for 6 Bitcoin (BTC) — approximately $287,000 at current prices — in exchange for some of the data.
Motherboard has seen samples of the data, which include social security numbers, phone numbers, names, physical addresses, unique IMEI numbers and driver license information.
The seller told the outlet that they are privately selling most of the data at the moment but will hand over a subset of the data containing 30 million social security numbers and driver licenses for the BTC ransom.
Referring to T-Mobile’s alert and potential response to the breach, the hacker said, “I think they already found out because we lost access to the backdoored servers.”
A T-Mobile spokesperson said that the company is “aware of claims made in an underground forum” and is “actively investigating their validity,” adding, “We do not have any additional information to share at this time.”
It is not the first time T-Mobile has been at the center of a cybersecurity scandal. In February, the mobile carrier was sued by a victim who lost $450,000 in Bitcoin in a SIM-swap attack.
A SIM-swap attack occurs when the victim’s cell phone number is stolen. This can then be used to hijack the victim’s online financial and social media accounts by intercepting automated messages or phone calls that are used for two-factor authentication security measures.
In this case, the victim, Calvin Cheng, accused T-Mobile of failing to implement adequate security policies to prevent unauthorized access to its customers’ accounts.
T-Mobile was also sued in July 2020 by the CEO of a crypto firm over a series of SIM-swaps that resulted in the loss of $8.7 million worth of digital assets.
In April this year, hardware wallet manufacturer Ledger faced a class-action lawsuit regarding the major data breach that saw the personal data of 270,000 customers stolen between April and June 2020.