T-Mobile is investigating a post on an underground forum that claims to be selling personal data on around 100 million users, according to a new report.
Motherboard says that the seller of the information has a variety of personal information for sale including social security numbers, addresses, names, driver’s license information, and more. The hacker told the news outlet they had compromised several servers related to T-Mobile.
The seller is reportedly offering around 30 million social security numbers and driver’s license information for Bitcoin totaling around $270,000. The rest of the information is being privately sold, according to the news outlet.
In a chat exchange with the Motherboard reporter, the seller said they thought T-Mobile found out about the alleged data breach because “we lost access to the backdoored servers.” Motherboard added that it had seen samples of the data and confirmed that it had accurate information about T-Mobile customers.
In a statement to both Motherboard and Reuters, T-Mobile said it was “aware” of the claims and was “actively investigating.”
“We are aware of claims made in an underground forum and have been actively investigating their validity. We do not have any additional information to share at this time,” the spokesperson said.
You can read all of the Motherboard report here.
Update 11:30am CT, Aug. 18: On Tuesday, T-Mobile confirmed a “cyberattack” occurred. The company said its analysis found that 7.8 million current T-Mobile postpaid customer accounts’ information were in the stolen files. It also said “just over” 40 million records of “former or prospective customers who had previously applied for credit with T-Mobile” were also included.
Additionally, T-Mobile said 850,000 active customers had “names, phone numbers and account PINs” also exposed.