T-Mobile has reportedly been hacked, exposing the personal data of over 100 million people, according to a forum post that is selling the data, Motherboard reported. Although the post doesn't mention the telecom, Motherboard contacted the seller, who confirmed that the data did come from T-Mobile servers. The incident showcases the importance of safeguarding personal information against single points of failure.
"T-Mobile USA. Full customer info," the seller told Motherboard. The seller said they compromised multiple servers related to T-Mobile but have since lost access to the hacked servers. But according to the seller, the data had already been downloaded locally and "backed up in multiple places."
The forum post is selling only a subset of the data, containing 30 million social security numbers and driver's licenses, for 6 BTC, around $275,000 at the time of writing. The rest of the data is being sold privately, the seller said. T-Mobile, for its part, said it is currently investigating the case.
"We are aware of claims made in an underground forum and have been actively investigating their validity," T-Mobile told Motherboard in a statement. "We do not have any additional information to share at this time."
The seller said that the compromised data includes social security numbers, phone numbers, names, physical addresses, unique IMEI numbers, and driver's licenses. Motherboard claims to have seen samples of the data and confirmed they contained accurate information on T-Mobile customers.
Events like this showcase the importance of safeguarding personal data from centralized servers that are often compromised. These single points of failure house a staggering amount of data and become easy targets for hackers who seek to capitalize on their lack of robust security. Although such data centers need to harden their security, perfect security is arguably impossible to achieve, so single points of failure will always be likely to be compromised. A user's best shot is taking ownership of some or all of their personal data.
Choosing a telecom for your phone services is a delicate process since all such providers are centralized by nature, and most will collect personally identifiable information (PII). However, options are often available that mitigate some of the inherent issues. Some smaller carriers sell prepaid and reloadable SIM cards that can be bought with gift cards, which can in turn be purchased with KYC-free bitcoin. If the process is done carefully and correctly, one could enjoy mobile privacy and be freed from telecom data breach risks, including SIM swaps, identity theft, social engineering, and doxxing.