wordpress blog stats
Connect with us

Hi, what are you looking for?

T-Mobile suffers fifth data breach in four years as hackers get away with sensitive data of 100 million users: Report

T-Mobile’s latest incident is not an isolated case as an increasing number of businesses are reporting data breaches including those in India which has seen 5 such incidents so far this year. 

A hacker informed VICE that they stole confidential data of 100 million users of T-Mobile, according to its report. The seller in a chat with Motherboard, VICE’s platform which covers tech, revealed that the data contained details like social security numbers, phone numbers, names, physical addresses, unique IMEI numbers, and driver license information.

Cyber attacks have increased dramatically during the pandemic as lockdowns caused by COVID-19 forced a rapid increase in the adoption of digital tech. Data breaches are the second-most common form of cyber attacks as the stolen information fetches a lucrative price on the dark web. It results in acute financial loss while denting the reputation of businesses. A data breach also violates the privacy of individuals who can lose their sensitive data, the consequences of which can be damaging. 

How did it all unfold? 

Motherboard reported that it came across a post in an underground forum that claimed that it was “selling a mountain of data”. The post did not mention the name of the company which owned the data. 

It established contact with the seller who divulged, in an online chat, that the data belonged to T-Mobile USA. They added that the data was obtained by compromising multiple servers of T-Mobile.

Advertisement. Scroll to continue reading.

The seller demanded 6 bitcoin which translates to $270,000 at the prevailing market price of bitcoin. It was the price for the dataset of 30 million social security numbers and driver licenses. They added that the rest of the data was being sold privately. 

The seller told Motherboard that data had been backed up in multiple places locally before T-Mobile severed their access from the backdoored servers.  

We take the protection of our customers very seriously: T-Mobile

The telecom giant said that it was conducting an investigation into claims of illegal access made by the seller. 

“We are conducting an extensive analysis alongside digital forensic experts to understand the validity of these claims, and we are coordinating with law enforcement. We have determined that unauthorized access to some T-Mobile data occurred, however, we have not yet determined that there is any personal customer data involved,” the company said in its statement.   

The statement disclosed that the entry point used to gain access was closed, and a deep technical review was underway to identify the nature of the data. “Until we have completed this assessment we cannot confirm the reported number of records affected or the validity of statements made by others.”

Timeline of data breaches suffered by T-Mobile

This is not the first time that T-Mobile has suffered a data breach. The Verge stated that T-Mobile has had several data breaches in the last few years: 

Advertisement. Scroll to continue reading.

August 2018: Hackers accessed personal information of nearly 2 million customers which included the name, billing zip code, phone number, email address, account number, and account type of users. Other sensitive information — financial data, Social Security numbers, and passwords — weren’t compromised in the hack according to the company.

November 2019: A “small number of prepaid customers” were a target of the breach that leaked customer names, addresses, phone numbers, account numbers, rate plans, and plan features to the hackers.

March 2020: An attack led to hackers obtaining unauthorised access to certain T‑Mobile employee email accounts which contained account information on T‑Mobile customers and employees.  On this occasion, personal information accessed included names and addresses, Social Security numbers, financial account information, and government identification numbers, as well as phone numbers, billing and account information, and rate plans and features.

December 2020: The breach in December exposed call-related information and phone numbers of its customers to the hackers. Bleeping Computer said that the information did not include names on customers’ accounts, physical or email addresses, financial data, credit card information, Social Security numbers, tax IDs, passwords, or PINs. The company said that the breach affected 0.2 percent of its users which comes up to 200, 000 people.

Data leaks and breaches in India so far this year

  • Air India (AI) reported a data breach that compromised the personal details and information of 4.5 million customers. The hackers managed to extract customer information, barring payment details, that was registered on the SITA-AI system between August 26, 2011, and February 3, 2021.
  • MobiKwik reported a database leak to the size of 8.2 TB which contained 36 million files containing KYC information belonging t0 3.5 million people. The hack also accessed around 7.5 TB worth of KYC data pertaining to over 3 million merchants on MobiKwik’s network. Over 99 million users’ phone numbers, emails, hashed passwords, addresses, bank accounts, and 40 million card details up to 10 digits, were leaked with month, year, and card hash data.
  • 190,000 CAT aspirants’ personally identifiable details along with their test results were leaked on the dark web in May. The details put up for sale include names, dates of birth, email IDs, mobile numbers, address information, candidates’ 10th and 12th-grade results, details of their bachelor’s degrees, and their CAT percentile scores.
  • Domino’s India suffered a data breach wherein 1 million credit card records and 180 million pizza preferences were up for sale on the dark web. It was found that someone was asking for 10 bitcoin (roughly $535,000 or ₹4 crore) for 13TB of data which included customers’ names, phone numbers, and email addresses.
  • Upstox’s customer data was on sale on the dark web after a data leak by ShinyHunters. It was reported that the hackers sought a ransom of $1.2 million (Rs 9 crore) to not publicise the user data. The security breach was first reported by Rajshekhar Rajaharia, an independent internet security researcher, who claimed that data of some 25 lakh users and 5.6 crores Know Your Customer (KYC) data was leaked. The leaked user data included names, birthdates, PAN, passports, and photos of user signatures, among other things.

Also read:

Advertisement. Scroll to continue reading.
Written By

I cover several beats such as Crypto, Telecom, and OTT at MediaNama. I can be found loitering at my local theatre when I am off work consuming movies by the dozen.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

The Delhi High Court should quash the government's order to block Tanul Thakur's website in light of the Shreya Singhal verdict by the Supreme...

News

Releasing the policy is akin to putting the proverbial 'cart before the horse'.

News

The industry's growth is being weighed down by taxation and legal uncertainty.

News

Due to the scale of regulatory and technical challenges, transparency reporting under the IT Rules has gotten off to a rocky start.

News

Here are possible reasons why Indians are not generating significant IAP revenues despite our download share crossing 30%.

You May Also Like

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ