T-Mobile confirmed Sunday that it’s looking into an online forum post that claims to be selling a large trove of its customers’ sensitive data. Motherboard reported that it was in contact with the seller of the data, who said they had taken data from T-Mobile’s servers that included Social Security numbers, names, addresses, and driver license information related to more than 100 million people. After reviewing samples of the data, Motherboard reported it appeared authentic.
“We are aware of claims made in an underground forum and have been actively investigating their validity,” a T-Mobile spokesperson said in an email to The Verge. “We do not have any additional information to share at this time.”
It’s not clear when the data may have been accessed, but T-Mobile has been the target of several data breaches in the last few years, most recently in December 2020. During that incident, call-related information and phone numbers for some of its customers may have been exposed, but the company said at the time that it did not include more sensitive info such as names or Social Security numbers.
In 2018, hackers accessed personal information for roughly 2 million T-Mobile customers that included names, addresses, and account numbers, and in 2019, some of T-Mobile’s prepaid customers were affected by a breach that also accessed names, addresses, and account numbers.
A March 2020 breach exposed some T-Mobile customers’ financial information, Social Security numbers, and other account information.