T-Mobile has denied suffering another data breach following Thursday night reports that a threat actor leaked a large database allegedly containing T-Mobile employees’ data.
The mobile carrier told BleepingComputer that the leaked data is believed to belong to an authorized retailer, which was breached earlier this year.
“There has not been a T-Mobile data breach. The data being referred to online is believed to be related to an independently owned authorized retailer from their incident earlier this year. T-Mobile employee data was not exposed,” T-Mobile told BleepingComputer.
Last night, someone under the alias ‘emo’ shared an 89 GB ZIP archive allegedly containing T-Mobile data on the BreachForums hacking forum for free.
While emo states in the post title that the breach is related to T-Mobile and Connectivity Source (a third-party T-Mobile authorized retailer), the post indicates that it was stolen from the mobile company.
“In April 2023 T-Mobile suffered a data breach exposing sales data/analytics, T-Mobile support calls with customers, employee credentials, partial SSNs, email addresses and customer data,” reads the forum post.
The archive posted to the hacking forum contains a large amount of data, including employee IDs, employment status, hire dates, termination dates, rehire dates, job titles, department, names, last four digits of Social Security numbers, and email addresses.
The data also appears to contain information about customer orders and their plans.
Malware repository VX-Underground was first to share news of the data leak in tweets [1, 2] describing it as being the result of a T-Mobile breach.
“T-Mobile has been breached (again). Data has been exfiltrated and it’s being shared online (again). This is T-Mobile’s eighth breach since 2018,” read tweets from VX-Underground.
As T-Mobile is known in the cybersecurity community for its repeated data breaches, suffering nine since 2018, with two already in 2023, it was easy to assume that it suffered another.
Likely linked to Connectivity Source breach
However, this data breach is believed to be related to Amtel, LLC, an authorized T-Mobile retailer doing business as the Connectivity Source brand, who warned of a breach earlier this year.
In May 2023, Amtel warned that they suffered a data breach on April 19th that allowed the attackers to steal data for current or former employees of the company.
“On April 19, 2023, Amtel was notified of suspicious activity in its network environment. Upon discovery of this incident, Amtel promptly engaged a specialized cybersecurity firm to secure its environment and to determine the nature and scope of the incident,” reads the Amtel/Connectivity Source data breach notification.
“While the investigation is ongoing, Amtel determined the incident involved limited personally identifiable information (“PII”) the same day.”
While it has not been confirmed if the data released on BreachForums is the same data breach disclosed by Amtel, the dates align, making it highly likely.
BleepingComputer contacted Connectivity Source about the publishing of its stolen data last night but did not receive a response to our email.
The good news is that this data does not contain customer data, and Amtel claims that only 17,835 current and former employees were impacted by the breach.
However, this data is still valuable for threat actors, who could send targeted phishing emails to Connectivity Source employees to gain access to support systems or perform SIM swapping attacks.
Therefore, all Connectivity Source employees should be on the lookout for suspicious emails and make sure that they are legitimate before acting upon any of them.