T-Mobile US Inc. confirmed Sunday that it is investigating claims that a hacker is attempting to sell the personal data of more than 100 million customers.
Vice’s Motherboard first reported the incident, in which a hacker on an online forum claimed to be selling private data that includes names, Social Security numbers, addresses, phone numbers and drivers license information. Motherboard was in contact with the seller, and confirmed that the data it saw appeared to belong to T-Mobile customers. The anonymous seller is reportedly seeking 6 bitcoin — about $270,000 — for data belonging to about 30 million accounts, with the rest supposedly being sold through private channels.
The hacker told Motherboard that T-Mobile had successfully regained control of its servers, but not before the trove of personal data had already been downloaded.
“We are aware of claims made in an underground forum and have been actively investigating their validity,” T-Mobile said in a statement to the media on Sunday. “We do not have any additional information to share at this time.”
The data breach, if confirmed, could affect nearly every T-Mobile customer in the U.S.; in its second-quarter earnings report last month, the telecom company reported about 104.79 million U.S. customers, according to FactSet data.
T-Mobile has reported a number of serious data breaches in the past few years, most recently in December 2020. Those breaches were significantly smaller than the new one claims to be, with about 200,000 customers affected by the most recent one.