T-Mobile USA Inc. today confirmed that reports over the weekend that it was hacked, although it declined to provide specific details.

The company launched an investigation after a hacker named “Subvirt” advertised allegedly stolen data on the popular hacking site Raid Forums. While the hacker or hackers did not name T-Mobile, they did so when contacted by several media outlets.

The data allegedly stolen was more than 100 million T-Mobile customer records. Those records are said to include International Mobile Subscriber Identity numbers, International Mobile Equipment Identity or IMEI numbers, phone numbers, customer names, PINs, dates of birth. Social Security and driver’s license numbers.

The hacker claimed to have hacked into T-Mobile’s production, staging and development servers two weeks ago, including an Oracle Corp. server containing customer data.

T-Mobile said in a statement that it had determined that “unauthorized access to some T-Mobile data occurred, however, we have not yet determined that there is any personal customer data involved.” The company noted that it’s “confident that the entry point used to gain access has been closed” and that a review is ongoing.

In an interesting twist, the hacker is now alleging that it raided T-Mobile’s databases as reprisal for U.S. espionage activity.

“They do not seem to be demanding ransom,” Hitesh Sheth, president and chief executive officer at AI-powered cybersecurity company Vectra AI Inc., told SiliconANGLE. “If true, it further blurs the lines in cyberwar between government and private assets. Every organization must consider what kind of prize it, too, might represent to threat actors out to score political points.”

Crane Hassold, director of threat intelligence cloud-native email security platform Abnormal Security Corp., noted that “although we do not know the exact source of the T-Mobile breach, stolen data could potentially be used in other social engineering attacks.”

“While much of the data accessed could be considered public records–names, DOB, DL numbers– when used in conjunction with other data that was stolen, such as phone numbers and security pins, this information could be used for SMS phishing attacks,” Hassold added.

Jon Clay, vice president of threat intelligence at cybersecurity company Trend Micro Inc., warned that “in the wake of this breach, T-Mobile customers should check on their key accounts, such as financial, banking and healthcare, and modify their account credentials.”

Clay said that “consumers should be very suspicious of any requests (via email, text, voice) to complete a task they did not initiate themselves,” such as logins to an online account, paying money for something, or giving access to their computer.

With the hack now confirmed by T-Mobile, this attack is the fifth involving the company since 2018.

Previous hacks involving T-Mobile include the theft of the details of 2 million customers in August 2018, a hack involving the theft of prepaid customer data in November 2019, the theft of employee and customer data in March 2020 and a “security incident” involving “malicious, unauthorized access” to some information related to T-Mobile accounts in January

Photo: T-Mobile