T-Mobile data breach: Over 54.6 million now affected


The total number of customers, both current and former, affected by T-Mobile’s latest data breach has increased to 54.6 million. While this is still short of the 100 million initially advertised by the threat actor on a dark web forum, it remains significant and is substantially more than T-Mobile’s own initial estimates.  

The breach exposed several kinds of personally identifiable information (PII). The list commonly included victims':

  • Names.  
  • Dates of birth. 
  • Social Security Numbers. 
  • Account details, including PINs. 
  • Driver’s license numbers. 

These can all be used for identity theft, fraud and phishing attacks, putting both former and current customers of T-Mobile at heightened risk of these malicious techniques.

More troublingly, for at least 7.8 million victims, IMEI/IMSI numbers have been stolen. These can be used to exploit and track mobiles.  

The hackers also claim to have a database of credit card numbers with six digits obfuscated, although this remains unconfirmed and T-Mobile has said that no credit card numbers have actually been compromised.

How was it discovered? 

News that T-Mobile servers had been compromised was first broken by Vice's Motherboard on 15 August, after a forum was discovered advertising T-Mobile customer information. The malicious actor was trying to sell a subset of the data containing over 30 million Social Security Numbers and driver's licenses for 6 bitcoin, which is approximately $270,000.

The threat actor further claimed to have obtained the details of 100 million customers and said that, by this point, T-Mobile was aware of the intrusion, as they had lost their access to the backdoored servers. A day later, T-Mobile contacted Vice to confirm it was aware of the data breach.

The threat actor also revealed the intention of selling the rest of the sensitive information privately. 

The data breach was alleged to be a consequence of remote working, where the privacy and security of home users' systems are weaker and work-from-home policies are less robust, although the investigation is still ongoing as the company continues to coordinate with law enforcement agencies.

Tessian found that 48% of remote workers were generally less likely to follow cybersecurity measures at home compared to the office, with employees normally citing reasons like how they’re not working on their typical devices, not really being monitored by IT teams, or being more distracted at home. 

What are the consequences?  

While T-Mobile has now said that the point of entry for hackers has been shut down, the damage done remains. 

Victims of the T-Mobile data breach are now at greater risk of fraud and identity theft. Armed with this sensitive information from the breach, malicious actors can do things like:

  • Craft more convincing phishing emails and messages which may lure users to click on an attachment or link. 
  • Convince people to part with even more sensitive information like their banking details. 
  • Possibly combine enough details to open a credit card in a victim's name.
  • Take out loans or obtain government benefits in a victim's name.

For the customers who have had their IMSI numbers compromised, there is the further risk of malicious actors being able to perform SIM swapping attacks, where hackers can leverage control of a victim's mobile device.

Can T-Mobile be trusted? 

The consequences don’t just stop at the customer either. 

This isn’t the first time that T-Mobile has suffered a cyber event. The mobile network operator, one of the largest in the world, has suffered cyber attacks leading to 6 other data breaches in the past 4 years. 

Public opinion has certainly been negatively impacted by this latest data breach.  

And, while T-Mobile has been talking to news outlets, they’ve been criticised for not reaching out to customers in a timely fashion. The lack of prompt, proactive communication and updates to their customers initially may be further souring any good will left for them from a number of their subscribers. 

There are also the legal ramifications. 

T-Mobile has been hit with two class-action lawsuits. The complaint in the first lawsuit filed, Durwalla v T-Mobile USA, asserts that T-Mobile "failed to implement and maintain reasonable security procedures and practices". Similarly, the second lawsuit, Espanoza et al. v T-Mobile US, accuses the company of being negligent and reckless with its customers' data, saying PII was maintained by T-Mobile on its network and systems in a way that was vulnerable to cyber attacks.

Both lawsuits assert that the way the data was stored was a known risk to T-Mobile. Espanoza et al. v T-Mobile US also emphasises that T-Mobile didn't provide prompt and proactive instruction to customers earlier, causing victims even more damage as hackers were given more time to wreak havoc.

What to do if you’re affected? 

The effects of a data breach can be devastating. It can often take years for the extent of the damage done to truly manifest. Here are a few important recommendations to help safeguard yourself and mitigate the damage:

  • Changing your account PIN. 
  • Downloading McAfee’s ID Theft Protection Service. 
  • Freezing your Credit Report. 
  • Enabling T-Mobile’s Account Takeover Protection to prevent someone from transferring your phone number to another carrier. 
  • Using multifactor authentication (MFA) on online accounts.
  • Changing your SSN if there's evidence of it being maliciously used.
  • Deleting unused accounts and requesting that all your data be deleted once you leave a service.

T-Mobile has offered its affected customers a free two-year subscription to McAfee's ID Theft Protection Service to help protect their PII. It has also set up a webpage to instruct victims on what to do.
