American telecommunications company T-Mobile confirmed Monday that it was the victim of yet another security breach. The company said hackers managed to breach its internal servers, and they are now in the process of determining if sensitive user data were stolen.
The company said they had detected unauthorized access on their computer network but are unsure if any personal consumer data were stolen. T-Mobile added that they now have people working around the clock to investigate claims that user data may have been illegally accessed.
The confirmation comes just a day after Motherboard published a report claiming that it had stumbled upon a forum post purported to be selling a stolen user data. The post reportedly claimed that the collection for sale included user data on more than 100 million people stolen from T-Mobile servers.
According to the seller, the data for sale included personal user information such as names, social security numbers, physical addresses, device IMEI numbers, phone numbers, and driver's license numbers. Motherboard reportedly acquired samples of the data for sale and confirmed that they "contained accurate information on T-Mobile customers."
Over the past decade, T-Mobile has been the victim of multiple data breaches. In 2018, hackers were able to forcibly access customer information such as billing addresses, names, phone numbers, email addresses, and account numbers. Last year, the company was the victim of another cyber attack with the perpetrators stealing similar T-Mobile customer data.
Cybersecurity experts said hackers during the last breach were able to gain access to the company's network by taking advantage of an exploit stemming from a misconfigured GPRS gateway. Hackers were able to steal data, including names, phone numbers, account numbers, rate plans, and billing information.
If the claims made by the owner of the forum post are proven to be true, and he had, in fact, stolen data from more than 100 million T-Mobile customers, the hack could be one of the largest carrier data breaches in history. Other publications and security companies have yet to verify the authenticity of the poster's claims. T-Mobile is expected to release more information about the breach once it concludes its investigation into the matter.
