T-Mobile said on Monday that hackers breached its internal servers and that company investigators are in the process of determining if the incident involves the theft of sensitive customer data.
“We have determined that unauthorized access to some T-Mobile data occurred, however we have not yet determined that there is any personal customer data involved,” the company said in a statement. “We have been working around the clock to investigate claims being made that T-Mobile data may have been illegally accessed.”
The threat actor claims to have hacked into T-Mobile’s production, staging, and development servers two weeks ago, including an Oracle database server containing customer data.
This stolen data allegedly contains the data for approximately 100 million T-Mobile customers and can include customers’ IMSI, IMEI, phone numbers, customer names, security PINs, Social Security numbers, driver’s license numbers, and date of birth.