“We take the protection of our customers very seriously, and we are conducting an extensive analysis alongside digital forensic experts to understand the validity of these claims, and we are coordinating with law enforcement,” the company stated in the release.
T-Mobile noted in the release that it found there was unauthorized access, but said it didn’t know if that contained any personal customer data.
The company is confident that it has closed the entry point the hackers used to gain access, per the release. It is continuing to review the system to figure out what data was illegally accessed.
“This investigation will take some time, but we are working with the highest degree of urgency,” T-Mobile said in the release. “Until we have completed this assessment, we cannot confirm the reported number of records affected or the validity of statements made by others.”
The company said in the release it will be issuing updates to help answer customers’ questions and concerns.
News came to light earlier Monday that sensitive information from more than 100 million T-Mobile users was being sold on the dark web. The data included users’ names; Social Security numbers; phone numbers; physical addresses; driver license details; and unique IMEI numbers.
An underground forum reported having a customer data set selling for 6 bitcoin (about $270,000). That came with 30 million Social Security numbers and drivers license details. According to the seller, the rest of the data was in the process of being sold as well, in a private manner.
“I think they already found out because we lost access to the backdoored servers,” the seller said in a published report, referring to the possibility that T-Mobile had responded to the hack.