T-Mobile Investigating 100 Million Subscriber Data Breach
from the whoops-a-daisy dept
Another day, another massive privacy scandal. T-Mobile is purportedly investigating a massive data breach that may have revealed the personal data of more than 100 million subscribers. First reported by Motherboard, the stolen data recently popped up on underground hacker forums, and includes subscriber social security numbers, phone numbers, names, physical addresses, unique IMEI numbers, and driver license information. Motherboard confirmed the data is genuine, and noted that the seller is asking $270,000 for a small subset of the data:
“On the underground forum the seller is asking for 6 bitcoin, around $270,000, for a subset of the data containing 30 million social security numbers and driver licenses. The seller said they are privately selling the rest of the data at the moment.”
For years companies and some policymakers have soothed themselves with the belief that data collection of this scale isn’t a big deal because data is “anonymized.” But there’s been a steady parade of studies showing how it’s relatively trivial to identify users with just a small portion of additional data. The more data that’s just bouncing around in the wild, the easier it gets. And with a bevy of hacks and leaks like this one, it just gets simpler.
T-Mobile has just around 105 million wireless subscribers, meaning this hack could involve… pretty much all of them. Meanwhile consumers have yet to be informed because T-Mobile has yet to fully confirm the hack even happened, or provide any additional information:
“T-Mobile said in a statement to Motherboard that “We are aware of claims made in an underground forum and have been actively investigating their validity. We do not have any additional information to share at this time.” T-Mobile repeatedly declined to answer follow-up questions about the scale of the breach.”
You know, just another day in a country with no meaningful internet-era privacy protections.