Data breaches at major companies are, sadly, nothing new, but the latest one has an interesting wrinkle. This week, a hacking group claimed it stole 64 million records of T-Mobile customers, but T-Mobile denies there has been any new data breach.
A Thursday report from Cybernews cited an unconfirmed dataset from a data breach forum popular for selling stolen data. The dataset contains 64 million lines of sensitive details allegedly siphoned from America’s second-largest mobile carrier, T-Mobile. That includes: full names, dates of birth, tax IDs, full addresses, phone numbers, email addresses, device IDs, cookie IDs, and IP addresses.
It's clear that data of this nature would be incredibly valuable to malicious actors. Details such as IP addresses can be used to craft highly targeted spearphishing attacks, while identifiers like full names, birthdates, and tax IDs open the door to financial fraud. Cybernews' security team also found that the leak included data points that were not revealed in previous T-Mobile leaks, such as the one in 2021 that T-Mobile just began rolling out settlement payments for.
With a potential breach of this scale, most companies would be in crisis mode the moment such news became public. But T-Mobile is adamant that the data hackers shared has nothing to do with it or its customer base.
“Any reports of a T-Mobile data breach are inaccurate. We have reviewed the sample data provided and can confirm the data does not relate to T-Mobile or our customers," a T-Mobile representative told Tom's Guide.
The representative described Cybernews' original article as misleading. They added that, given the data set's structure, naming conventions, and noticeable inconsistencies, it appears to be a synthetically generated compilation of outdated or unrelated data, which is a tactic bad actors use to deceive potential buyers.
Notably, The Mobile Report highlighted that the popular hack-monitoring website Have I Been Pwned has not updated its website to include the purported data breach. That could mean that all of the information contained in those 64 million lines either was found in previous attacks or, as T-Mobile suggests, is outdated or unrelated to T-Mobile customers.
What does this mean for T-Mobile customers?
For now, it remains unclear whether the hack is legitimate. And that leaves T-Mobile customers understandably on edge in the meantime. The claim could turn out to be false, meaning the data is from previously leaks or contains unrelated or outdated information.
However, if this is a new breach under T-Mobile’s watch, don’t expect compensation anytime soon. As I said before, payouts for the 2021 hacks only started rolling out a few months ago, suggesting that any restitution from this incident could be a long way off.
As for what you can do in the meantime, seriously consider investing in one of the best identity theft protection services or the best antivirus software. That way, whether this breach turns out to be real or not, you'll at least have peace of mind that you're doing everything you can to stay safe and secure online.
