Security News > 2021 > August > Un-carrier? Definitely Unsecure: T-Mobile US admits 48m customers' details stolen after downplaying reports
T-Mobile US has begun admitting to the theft of 100 million user accounts in stages, confessing overnight that 8 million people's personal details had been stolen from its servers.
In a statement the American mobile operator said: "Yesterday, we were able to verify that a subset of T-Mobile data had been accessed by unauthorized individuals. We also began coordination with law enforcement as our forensic investigation continued."
At the time, two days ago, T-Mobile confirmed to The Register: "We have determined that unauthorized access to some T-Mobile data occurred, however we have not yet determined that there is any personal customer data involved."
Around 850,000 PAYG customers have, so far, been confirmed by the mobile network operator to have had their names, numbers, and online account PINs compromised.
"No Metro by T-Mobile, former Sprint prepaid, or Boost customers had their names or PINs exposed," said T-Mobile in its statement.
Data stolen by criminals included customers' first and last names, date of birth, social security numbers, and "Driver's license/ID information for a subset of current and former Postpay customers and prospective T-Mobile customers." Postpay is the American term for a standard mobile phone contract, contrasting with pre-paid/pay-as-you-go.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/08/18/t_mobile_us_admits_hack_48m_users/
Related news
- SIM swap crooks solicit T-Mobile US, Verizon staff via text to do their dirty work (source)
- AT&T, Verizon, Sprint, T-Mobile US fined $200M for selling off people's location info (source)
- US Defense Dept received 50,000 vulnerability reports since 2016 (source)
- T-Mobile, Verizon workers get texts offering $300 for SIM swaps (source)