19.08.2021

Cybersecurity
Incident at T-Mobile US affects millions of customers

In an attack on T-Mobile US, data of at least 40 million customers was stolen. We get to the heart of what exactly happened and what you can do yourself.

What happened?

On August 16, Deutsche Telekom’s subsidiary T-Mobile US announced that it had been the victim of a cybersecurity incident. The data of millions of customers is affected. Originally, the company assumed that the breach was limited to the US market. Nevertheless, it could also have an impact on other locations worldwide. However, the entry point for the attack had been identified and closed.

Details on the extent of the attack on T-Mobile US

Different information is currently circulating about the extent of the attack.

Researchers from Bleeping Computer contacted the threat actor who offered the databases stolen in the attack. The hacker confirmed that the database contains the data of about 100 million T-Mobile customers, including IMSI numbers, IMEI numbers, phone numbers, customer names, security PINs, social security numbers, driver’s license numbers and dates of birth. The data goes back to 2004 and was stolen from T-Mobile’s servers at the beginning of August.

T-Mobile US, on the other hand, admitted in its update of August 17 that, according to preliminary investigations, more than 40 million data records of former, current and potential customers are affected. Which data is affected differs between prepaid customers and postpaid customers or those who are interested in a contract. For the approximately 850,000 prepaid customers, names, phone numbers and PIN codes are affected. The PINs were reset as a precaution. For contract customers and interested parties, there are currently no signs that phone numbers, account numbers, PINs, passwords or financial information have been compromised. For them, first and last names, dates of birth, social security numbers and driver’s license or ID information are affected (at least partially).

What is the threat to my company from the attack on T-Mobile US?

With access to the above-mentioned data, different forms of attack are conceivable. The attacker can use the personal data for a phishing attack via e-mail or SMS, for example. Using the disclosed information, they can manipulate you in a targeted manner. SIM swapping fraud is also conceivable. As Europol explains: “SIM swap fraud is committed when a fraudster tricks the victim’s mobile operator into porting the victim’s mobile number to a SIM card in the fraudster’s possession, thus starting to receive all incoming calls and text messages, including one-time passwords for banking transactions, sent to the victim’s phone number.”

What can I do?

T-Mobile announced that it wants to protect everyone at risk. The company said it would inform those affected and advised the following measures, among others:

  • Free 2-year identity protection provided by T-Mobile
  • A PIN change for T-Mobile postpaid customers
  • An additional step to protect the mobile account with the account takeover protection feature for postpaid customers
  • Use of the website created specifically for the incident, which is to be published in the course of the day


You can find more information here.

What Perseus recommends

If you are a T-Mobile customer, we recommend that you behave as if the breach of your data has been confirmed:

  • Pay special attention to messages such as text messages or emails that may mimic a genuine T-Mobile message. Read such a message carefully and check it for spelling and grammatical errors, strange salutations and unusual requests. All of these can be an indication of a fake message.
  • Be aware that the attackers may be using details stolen during the incident to deceive you. This can include a message related to your driver’s license or situations where you use your Social Security number.
  • Under no circumstances should you click on links in such messages or disclose confidential information. If you have any doubts about the legitimacy of the message, contact T-Mobile using the contact details on the company’s official website.
  • Maintain good cyber hygiene.
  • Verify your login credentials.
  • Consider changing your PIN code.
  • Make sure your password is unique for each portal you use.
  • You can also use a password manager.


If you have any questions, the Perseus team will be happy to answer them for its customers.