It has been reported according to Vice's Motherboard that T-Mobile is investigating an alleged data breach claimed by the author of the post on an underground forum. The 15 report said the hacker claims to have obtained data on more than 100 million customers from T-Mobile servers.
However, the seller is asking for 6 BTC, approximately $287,000 at current prices, in exchange for some of the data.
The report said that Motherboard has seen samples of the data which include social security numbers, phone numbers, names, physical addresses, unique IMEI numbers, and driver license information. The seller said that they are privately selling most of the data at the moment, but will hand over a subset of the data containing 30 million social security numbers and driver licenses for the BTC ransom.
The hacker said:
“I think they already found out because we lost access to the backdoored servers.”
Likewise, a T-Mobile spokesperson said:
“The company is aware of claims made in an underground forum and is actively investigating their validity. We do not have any additional information to share at this time.”
As per the reports, it is not the first time T-Mobile has been at the center of a cyber-security scandal. In February, the mobile carrier was sued by a victim who lost $450,000 in Bitcoin in a SIM-swap attack. A SIM-swap attack occurs when the victim’s cell phone number is stolen. This can then be used to hijack the victim's online financial and social media accounts by intercepting automated messages or phone calls that are used for two-factor authentication security measures. In this case, the victim Calvin Cheng accused T-Mobile of failing to implement adequate security policies to prevent unauthorized access to its customers' accounts.
Thus, T-Mobile was also sued in July 2020 by the CEO of a crypto firm over a series of SIM-swaps that resulted in the loss of $8.7 million worth of digital assets.