Cyber Incident Victim: T-Mobile US
Date: Aug 2021
Location: United States of America
Summary
A hacker claimed to have compromised T-Mobile's servers, allegedly stealing databases containing personal information of approximately 100 million customers. The threat actor advertised the data for sale on a hacking forum, requesting payment in bitcoin for records that included sensitive details such as Social Security numbers, driver's license information, and birth dates for a subset of 30 million individuals. The company confirmed it was actively investigating the potential breach following these claims.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On August 15, 2021, T-Mobile US initiated an investigation into a potential data breach following public claims by a threat actor regarding the theft of customer data. The incident first surfaced on a hacking forum on August 14, 2021, where an individual advertised the sale of a database allegedly containing sensitive personal information of approximately 30 million people. The advertised dataset included birth dates, driver's license numbers, and Social Security numbers. The seller priced this data at six bitcoin, equivalent to approximately $280,000 at the time. While the forum post did not explicitly identify T-Mobile as the source, the threat actor subsequently confirmed to BleepingComputer that they had compromised T-Mobile's servers to obtain the data. The hacker asserted that their breach encompassed information belonging to approximately 100 million T-Mobile customers, significantly exceeding the subset of records offered for sale.

The claimed breach involved unauthorized access to T-Mobile's servers, resulting in the exfiltration of databases containing customer information. The threat actor's communication with BleepingComputer established a direct link to T-Mobile systems as the source of the stolen data. If validated, this incident would have exposed affected customers to heightened risks of identity theft, financial fraud, and phishing attacks due to the sensitive nature of the compromised identifiers. T-Mobile's public response at the time was limited to acknowledging the investigation without confirming the breach's validity or scope. The company did not immediately disclose technical details regarding the intrusion methodology, duration of unauthorized access, or specific systems compromised. The discrepancy between the 100 million records reportedly accessed and the 30 million records offered for sale remained unresolved in initial reports.
