US telecom company T-Mobile has reported that it has been investigating a claim posted on one of the online forums which has blamed the company for a data breach of over 100 million users. The claim said that the company is misusing the personal data of its customers, it said.
The claims of the data breach were initially reported by Vice, a US-based digital media outlet. According to reports, the anonymous forum has said that the personal data, including social security numbers, phone numbers, names, physical addresses, unique IMEI numbers and driver licenses information are being reportedly sold through private channels. The seller has confirmed to Vice's Motherboard that they acquired the data through multiple T-Mobile USA servers.
Suspicions of Hacking
It is reported that Motherboard has checked the data and confirmed its accuracy and authenticity. Reports suspect it to be a hacking activity, where the intruder entered the server and downloaded the data before T-Mobile kicked them out of the servers.
Over 30 million customers' data, including social security numbers and driver licenses, has been sold in exchange for bitcoin, approximately $270,000, reports stated. The remaining were being sold privately to various channels.
T-Mobile responded promptly to the hacking activity and cut them off from their servers, but the data was already copied and backed up in the multiple local systems, the seller said.
The telecom company has said in a statement that they have already initiated a probe on the claims made in the forum, however, they haven't specified the scale of the breach. T-Mobile has refused to respond to further queries of Motherboard, reports said.
Reported Data Breaches in the Past
T-Mobile, with over 104.7 million customers currently, has been facing charges of data breach for the past few years. The one in 2019 compromised sensitive customer info, while in 2020, data of 200,000 users were scarped from the servers.
Reports have claimed that the current breach is much more serious than the earlier ones and could affect the company and its customer in the U.S. and cause fatal damages, if confirmed.