T-Mobile US has said cyber attackers who breached its computer networks stole personal details of more than 40 million past, current and prospective customers.
The information stolen from the company's servers included victims’ names, dates of birth, social security numbers and driving licence details, the Washington-based company said in a statement.
The American wireless network provider confirmed that no phone numbers, bank account numbers, personal identification numbers, passwords or financial information were compromised.
“We take the protection of our customers very seriously and we are conducting an extensive analysis alongside digital forensic experts,” T-Mobile said.
“We are confident that the entry point used to gain access has been closed and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed … this investigation will take some time but we are working with the highest degree of urgency.”
The breach reportedly occurred nearly two weeks ago and contained customer data from as far back as 2004.
Remote working and rapid digital transformation due to the Covid-19 pandemic have fuelled case of data theft globally, according to a latest report by technology company IBM.
The average global cost of a data breach rose by about 10 per cent a year to $4.2 million over the past 12 months, it said. The US continued to top the list, with average costs of $9.05m, up from $8.6m a year ago. Saudi Arabia and the UAE follow with $6.9m, Canada ($5.4m), Germany ($4.9m) and Japan ($4.7m).
“T-Mobile’s attackers apparently claim they ransacked company databases as reprisal for US espionage activity. They do not seem to be demanding a ransom,” said Hitesh Sheth, president and chief executive of California-based company Vectra AI, which uses artificial intelligence to detect cyber attacks.
“If privately owned infrastructure is going to suffer retaliation for things government does, it’s imperative that businesses shore up their cyber defences,” he added.
In May, cyber criminals targeted the US company Colonial Pipeline, which each day ships about 2.5 million barrels of oil. It had to pay a ransom of about 75 Bitcoin to regain control of its systems. However, the US investigators claimed to have recovered about 63.7 Bitcoin.
“Data breaches, ransomware attacks and other malicious threats are not receding, but rather only increasing in frequency and severity,” said Sam Curry, chief security officer of Boston-based security firm Cybereason.
“This [T-Mobile] breach is a reminder that, as consumers, our personal information has been stolen many times … it appears that social security numbers, government ID numbers, driver’s licence information and other personal information is being made available for sale. With a blend of consumer data, criminals can more easily dupe consumers into opening phishing emails and phishing texts."