T-Mobile Data Breach – Has Your Personal Information Been Exposed?

T-Mobile had a malicious cyberattack on their systems. They have informed customers that the breach has been contained and their investigation is substantially complete.  

John Brinns (21-year-old) claims responsibility for the hacking. He spoke out in an interview with The Wall Street Journal about the hack and revealed that T-Mobile had weak spots in its internet addresses and unprotected routers that allowed him to access over 100 servers. He did not disclose to the Journal whether he sold data or if he was paid for it.

On August 17th, T-Mobile confirmed that their systems were subject to a criminal cyberattack that compromised data of millions of their customers, former customers, and prospective customers. Fortunately, the breach did not expose any customer financial information, credit card information, debit or other payment information but, like so many breaches before, Social Security Numbers, names, addresses, dates of birth and driver’s license/ID information were compromised.

It is T-Mobile’s responsibility to keep the sensitive data of their customers safe and protected.  This is an incredibly seriously situation and it is their responsibility to prevent this type of event from happening.

While monitoring your credit report is a good thing, there are many other things you can do with your personal data. An identity-monitoring company will not only monitor your credit and Social Security numbers, but also look for criminal activity on the dark web. If someone attempts to access your personal information, it should provide you with peace of mind.

It is a simple way to ensure that a breach of one online account doesn’t result in bad guys accessing other online accounts.

Instead of using the same password repeatedly, or multiple passwords, use a password manager to store, create and autofill your login information. T-Mobile will also share best practices for password resets with customers in order to protect their logins and data.

It is important to take action immediately after a breach or hack is reported. Don’t wait for affected companies to tell you how they want it handled. Be proactive. It’s your information, and your financial future, that is at stake.

After you have secured your credit and started monitoring services, start to look at the suggestions of affected companies.

Data breaches are not all created equal. While none of them are perfect, they can be very damaging. It’s easy to get accustomed to these news stories, given the frequency with which they occur. T-Mobile’s breach that hackers claimed involved 100 million people’s data is still something you should be aware of, especially if your company is an “un-carrier”.

If your information was exposed, you may be entitled to compensation under your state’s laws. Please provide your information to Levi & Korsinsky in order to see if you qualify to submit a claim. Register here

Yes, on August 17, 2021, T-Mobile reported that it was the victim of a malicious data breach which exposed personal information for over 47 million T-Mobile customers and prospective customers. T-Mobile confirmed that the data accessed included customers’ first and last names, dates of birth, Social Security numbers, and driver’s license/ID information.

T-Mobile notified individuals who were affected by the data breach. Notice may have been provided via text, email, letter, or notification on the T-Mobile App.

T-Mobile purchased Sprint on April 1st to create a “5G powerhouse.” T-Mobile claimed that they were consolidating all Sprint accounts within their company at the time of the merger. This could have led to some Sprint customers having their data exposed during the data breach. You may wish to take precautionary steps to protect your personal data if you have been a Sprint customer in the past.

T-Mobile issued a statement confirming the theft of names, dates, births, social security numbers and driver’s license numbers as well as IMEI/IMSI information for approximately 7.8 million customers.

The names and addresses of 40 million other customers or potential customers were also leaked.

Over 5 million “currently postpaid customer accounts” contained information such as names, addresses, dates of births, phone numbers and IMEIs.

T-Mobile stated that another 667,000 accounts were stolen from former T-Mobile customers. This was in addition to 850,000 active T-Mobile Prepaid customers whose names, phone numbers, and account PINs were also exposed.

According to T-Mobile, the names of 52,000 Metro by T-Mobile customers may have been accessed.

The same as the T-Mobile Data breach, the security breach refers to your information being leaked in a data breach and potentially available on the dark web.

Information that is compromised during a data breach may be used by cybercriminals to commit identity theft, fraud, and other cybercrimes.

John Binns, a 21-year-old American citizen, claimed that he was the principal culprit in the attack. Alon Gal, cofounder of Hudson Rock’s cybercrime intelligence firm Hudson Rock said so.

His father was American, and his mother Turkish. He died at the age of two. Binns was 18 when he and his mother returned to Turkey.

Binns was born in the USA but now resides in Izmir in Turkey. He claimed that he carried out the attack from his house. Telegram provided Binns with evidence to the Wall Street Journal that proved he was behind T-Mobile’s attack. Binns also told reporters that he had originally gained access to T-Mobile’s network via an unprotected router in July.

According to Wall Street Journal, he was searching through T-Mobile’s internet addresses for weaknesses in its defenses and found one. He then gained access to a data centre near East Wenatchee Washington, where he could examine more than 100 servers. It took him about a week to access the servers that held the personal information of millions. He had already stolen millions of files by August 4.

“I panicked because I had access the big stuff. They have terrible security,” Binns said to the Wall Street Journal. “Generating noise was our goal.”

Bleeping Computer was informed by him that he had gained access to T-Mobile systems via “production, staging and development servers” two weeks ago. He broke into an Oracle database server containing customer data.

Binns shared with Bleeping Computer reporters a screenshot of his SSH connection from a production server running Oracle to prove that it was true. According to the interview with Bleeping Computer, they didn’t try to kidnap T-Mobile as they had buyers online.

He told Motherboard that he had stolen data from T-Mobile’s servers. T-Mobile eventually kicked him out, but not before making copies of the data.

According to Motherboard and Bleeping Computer, Binns and other underground hackers were found selling a sample containing 30 million social security numbers, driver licenses, and more for 6 bitcoin.

You may be eligible to bring a claim against T-Mobile and you may be entitled to statutory damages or actual damages for harm you have experienced as a result of the T-Mobile data breach. To find out more, submit your details here.