T-Mobile: Hacker attack costs the Telekom subsidiary 500 million dollars

Update 7/25/2022:

The 2021 data breach caused by hackers (see below) costs T-Mobile USA $500 million (around €490 million), The Verge reports. T-Mobile is paying $350 million into a fund that is intended to serve US customers who are suing and to pay for legal fees. T-Mobile plans to invest a further 150 million US dollars in improving IT security in 2022 and 2023. However, no admission of guilt is associated with the payment. The agreement still has to be approved by the responsible judge.

During the hacker attack, the attackers were able to steal the data (names, addresses, social security numbers, telephone numbers, driver’s license numbers) of 76.6 million US citizens.

update end

Report from August 27th, 2021: Huge T-Mobile hack was probably an act of revenge by a hacker

A 21-year-old American claimed to be behind the T-Mobile hack at the end of August 2021 and to have stolen the data of 50 million T-Mobile customers. The Wall Street Journal reports.

The hacker posed as “John Binns” to the Wall Street Journal. A security company had previously revealed his name. Binns has been living with his mother in Izmir, Turkey, for several years. Binns claims that T-Mobile’s lax security arrangements made the attack easier for him. He searched the T-Mobile network for unsecured routers, discovered one and used it to gain access to a data center in Washington State that contained the access data for more than 100 T-Mobile servers. Binns may have had accomplices in his attack, but he did not comment on that.

Binns allegedly wanted to avenge his mistreatment by US intelligence agencies with his hacking of T-Mobile as part of the US infrastructure, as Cnet reports.

Update 18.8.:

The Telekom subsidiary T-Mobile has published more information about the stolen customer data. So the investigations are still ongoing. T-Mobile speaks of a “highly sophisticated cyberattack” directed against the company. T-Mobile called in “the world’s leading experts in cybersecurity” for help. The way the hackers gained access to the servers was identified and closed.

T-Mobile also found that the attackers had access to a subset of its data. T-Mobile now definitely knows that the attackers were able to capture personal data from customers. To date, however, T-Mobile has no indication that account or credit card data would be found under the stolen material.

Postpay customers

According to T-Mobile, among the stolen data would be first and last names, dates of birth, social security numbers, and driver’s license details of past, current, or prospective Postpay customers (who are always billed in arrears). According to T-Mobile’s preliminary analysis, the stolen files appear to contain information on approximately 7.8 million current postpaid customer accounts and just over 40 million records of past or potential customers. Telephone numbers, account numbers, PINs, passwords or financial information, on the other hand, are said not to have been stolen from Postpay customers.

T-Mobile wants to provide the affected customers with various types of assistance. Among other things, they should immediately get free access to McAfee’s ID Theft Protection Service for two years. Customers are also asked to change their PIN to be on the safe side. In addition, T-Mobile wants to publish a website with security recommendations. T-Mobile is also taking another step to secure postpaid customer accounts.

prepaid customers

In addition, 850,000 active prepaid customers are affected by the data theft. With these, the attackers got their hands on customer names, telephone numbers and PINs for access. T-Mobile have therefore reset all PINs.

If you have ever been or still are a T-Mobile customer in the United States, you should read this information in its entirety here.

update end

Update 17.8.:

T-Mobile has confirmed that there was “unauthorized” access to company data. But the US subsidiary of Deutsche Telekom has not yet been able to clarify whether personal customer data is also affected.

T-Mobile says it believes it has eliminated the way the hackers gained access to the data. The precise analysis of the incident is still ongoing. As soon as T-Mobile knew exactly which data was affected, it would inform customers.

update end

T-Mobile USA is investigating a tip on an underground forum that hackers are offering the data of over 100 million US T-Mobile customers for sale. This is reported by the US news site “Motherboard”.

T-Mobile is not named in the forum post. However, the provider that Motherboard contacted allegedly told Motherboard that the data offered for sale came from T-Mobile customers. “T-Mobile USA. Full customer info” is what the seller calls his treasure trove of data. The data would come from different T-Mobile servers.

The data would include social security numbers, phone numbers, names, postal addresses, International Mobile Equipment Identity (IMEI) numbers, and driver’s license information, the provider claims. “Motherboard” was able to check some samples and confirmed that these are actually data from T-Mobile customers.

The provider, whose name is not known, demands 6 bitcoins, the equivalent of around 241,647 euros, for part of the T-Mobile customer data. This would include 30 million social security numbers and driver’s license data. The provider would then sell the rest of the customer data.

The seller told Motherboard that he had lost contact with the hijacked servers. T-Mobile probably noticed the hacker attack. But the attacker has already downloaded all the data and saved backups in different places.

T-Mobile told Motherboard that they were aware of the posting on an underground forum. They would be investigating that clue. Can’t say more than that at the moment.

Bleeping Computer adds that the hacker attack took place two weeks ago and affected an Oracle database server, among other things. In addition, IMSI numbers (International mobile subscriber identity) are also affected. This allows users to be identified in a mobile network. The stolen data treasure is said to be 106 GB in size.

Deutsche Telekom is the largest shareholder in T-Mobile and controls the company.