T-Mobile has acknowledged the attack, calling it a “highly sophisticated cyber attack” in a public statement.
The company discovered the breach through a tip: a threat actor was claiming in an online forum to have compromised T-Mobile systems and to have obtained data to sell. The company then located and closed the access point which may have been used by this actor to gain unlawful entry to their server.
T-Mobile, in coordination with law enforcement, has confirmed that the stolen data included customers' personal information. T-Mobile has also confirmed that it does not include payment details such as credit card or debit card information.
The stolen data does include names, phone numbers, social security numbers, driver's license information, and unique mobile device identifiers (IMEI numbers). An IMEI combined with other personal data can be used to bypass multi-factor authentication that relies on mobile SMS.
If you are a current or former T-Mobile customer affected by the breach, you are at risk of social engineering and identity theft.
Whoever purchases the stolen names, SSNs, addresses and IMEIs could potentially use them in social engineering attacks, crafting highly convincing and detailed phishing emails.
These may even include emails asking users to provide credit card or other payment information, supposedly to pay for T-Mobile services. The scammers may also use text messages or phone calls, not just email.
Cybersecurity experts point to this breach, the sixth T-Mobile has faced in four years, as further evidence of the sheer risk companies are facing from cyber attacks today.
Ric Longenecker, CISO at Open Systems, argued in response that a “collective effort” is needed from companies to “combat the risk posed by cybercriminals” as threats continue to become more sophisticated and rampant.