New T-Mobile hack allegedly exposes 90GB of data

T-Mobile, the global telecoms giant, could be facing a third data breach in less than 12 months. Cybercriminals say they’ve exposed employee credentials, customer info, and other sensitive data. The company denies it's been breached.

T-Mobile, the Deutsche Telekom-owned brand with operating subsidiaries in the US, Poland, and other countries, could be heading for a rocky end to the year, with a third major data breach on its hands.

T-Mobile breach post
Post announcing the leak on a hacker forum. Image by Cybernews.

Threat actors posted a database on a cybercriminal forum, which they claim contains information stolen in April 2023. The post says the stolen data includes employee credentials, partial Social Security numbers (SSNs), email addresses, customer data, T-Mobile’s sales and analytics data, and other information.

The post advertising the leak is called “T-Mobile, Connectivity Source”. Connectivity Source is one of T-Mobile's authorized retailers serving customers T-Mobile branded stores.

According to the Cybernews research team, the sample data that attackers posted appears legitimate. So far, there’s no confirmed information about what data the leaked dataset contains. However, the team said that attackers posted a massive amount of data, 90 GB in total.

According to the company, the alleged attack is not related to to T-Mobile, and it's employee data was not leaked as a result.

“There has not been a T-Mobile data breach. The data being referred to online is believed to be related to an independently owned authorized retailer from their incident earlier this year. T-Mobile employee data was not exposed,” the company told Cybernews.

According to malware researchers vx-underground, who claim to have insider knowledge about the breach, the data was stolen shortly after T-Mobile‘s second hack of this year, which occurred in March, 2023.

Also in March, the company disclosed a cyberattack in which attackers may have accessed T-Mobile account PINs, SSNs, full names, and other data. In January 2023, T-Mobile USA suffered a breach involving the accounts of 37 million of its cell phone users.

The company has suffered numerous data breaches in the past as well. In August 2021, T-Mobile reported a data breach after an online forum said that the personal data of more than 100 million of the company’s users was leaked.

Updated on September 25 [06:15 GMT] with a statement from the company.