T-Mobile is investigating a data breach said to have compromised the names, Social Security numbers, and other personal information of more than 100 million people, Motherboard reports.
A hacker claims to have gained access to T-Mobile servers where that data was stored. That hacker is asking for 6 BTC, which is worth roughly $276,000 at Bitcoin’s current exchange rate, in exchange for the SSNs and driver’s license information of 30 million people. The rest of the data is apparently being sold privately rather than being made publicly available.
That data is also said to include phone numbers, physical addresses, and unique IMEI numbers associated with specific phones. This information could be used in spear-phishing attacks, which target specific people with personalized messages to make them more likely to click on malicious links or install malware, as well as other kinds of attacks on the affected individuals.
This breach hasn’t been confirmed, but if it is, it would be T-Mobile’s fifth known breach in less than three years. The company previously disclosed breaches in 2018, 2019, and 2020 as well as January of this year. The severity of those breaches varied both in terms of what kind of data was compromised and in how many people—between 200,000 and 2 million—were affected.
“We are aware of claims made in an underground forum and have been actively investigating their validity,” T-Mobile tells Motherboard. “We do not have any additional information to share at this time.”
