Currently under investigation by its technical teams, a T-Mobile data breach has had a significant impact on customers of the telecommunications company. As the investigators uncover details on the recent cyberattack, the extent of the breach has been found to be far greater than previously believed.

Millions of data records on sale

The recent attack has seen threat actors using a hacking forum on the Dark Web to sell personal details of millions of T-Mobile customers, requesting a price of $280,000 worth of bitcoin for the private data from prospective buyers. Hackers and ransomware operators demanding payments in return for dedicated decryption keys favour the use of cryptocurrencies to take money from buyers and victims alike due to its difficulty to trace and recall after transactions occur.

The hacker holding the online sale boasted that the stolen database provides a wide range of exposed T-Mobile customer data, including mobile telephone numbers, security PINs, customer names, dates of birth and licence numbers

The cybercriminals stated that the database was illegally taken two weeks prior to the sale going live and contains customer information that dates back to 2004.

Following the incident, T-Mobile confirmed a portion of its servers had been hacked and that it was undertaking an investigation into exactly what type of customer data had been exposed in the attack.

Impacted T-Mobile customer count increases

When T-Mobile initially disclosed early details of its ongoing investigation into the incident where its data storage was compromised, it determined that a total of 48.6 million customers had their personal information exposed during the unfortunate event.

The mobile telecoms provider has since updated this figure in a new advisory issued recently, where it added a further six million individuals to the list of those impacted by the attack. This additional group of people comprises both prospective and existing customers of T-Mobile.

Furthermore, the company has also stated that the attackers were able to steal International Mobile Subscriber Identity (IMSI) numbers and International Mobile Equipment Identity (IMEI) numbers in the data haul they seized from the server.

The following is a detailed list of the private data disclosed

• 13.1 million active post-paid customer accounts. These included full names, dates of birth, driver’s licences, and social security numbers (SSNs).

• Information on 40 million prospective and former customers. These included the same details listed for current customers.

• 667,000 former T-Mobile customer accounts, exposing names, telephone numbers, dates of birth and addresses.

• 850,000 current T-Mobile prepaid customers’ names, account PINs and phone numbers.

• Around 52,000 names that are related to active Metro by T-Mobile customer accounts may also have been involved in the breach.

Fortunately, to date the mobile telecoms provider has witnessed no indication that payment details or financial data was exposed in the attack. T-Mobile customers, however, should be wary of any emails and text messaged they receive from the provider. Customers are advised that any messages requesting financial account numbers should not to be responded, and they should avoid clicking any links within the email.