Hackers Steal Data of 40mn Americans

By Staff, Agencies

Hackers gained access to sensitive personal information from about 7.8 million current American subscribers, and records of 40 million people who previously applied for credit with the giant US mobile service provider.

The company said Wednesday some of the exposed data included customers’ first and last names, social security numbers and driver’s license, adding that the hacking also included the PINs of about 850,000 active prepaid customers.

The cellphone carrier said it was “informed of claims made in an online forum that a bad actor had compromised T-Mobile systems,” and it has been investigating the data breach since last week.

On Sunday, US media reported that a vendor in an online forum was trying to sell $270,000 worth of stolen information obtained from T-Mobile servers. The company confirmed on Tuesday that customer data was affected.

Hackers have targeted T-Mobile in the past. In 2018, T-Mobile suffered a security breach that compromised personal information of two million customers, including phone numbers, email addresses and account numbers. In 2019, the company’s email vendor was hacked, revealing some customer and employee personal information.

The recent breach follows a string of high-profile cyberattacks that underlined the vulnerability of US government agencies and companies to digital intrusions and the damage hackers can inflict beyond the theft of personal information.

This spring, a ransomware attack on US Colonial Pipeline disrupted the East Coast’s fuel network, setting off gasoline shortages across several states. Weeks later, a major cyberattack targeted the US branch of world’s largest meat supplier, JBS, sparking concern over potential shortages and higher beef prices.

US lawmakers have discussed a $2 billion bill in spending for cybersecurity initiatives, including a $1 billion grant program to provide federal cybersecurity assistance to US state and local governments, which experts say are among the most vulnerable institutions to ransomware attacks, in which hackers break into computer systems and then demand a ransom to restore access to the victim.

Experts expressed concerns that, more and more, companies and institutions do not have the necessary security protocols in place to protect sensitive information.