The US Federal Communications Commission (FCC) said late Wednesday it will investigate a data breach disclosed by T-Mobile US impacting more than 47 million current, former, and prospective customers.
The third-largest US wireless carrier said personal data, including social security numbers and driver's license information, of more than 40 million former and prospective customers was stolen along with data from 7.8 million existing T-Mobile wireless customers.
Dates of birth, first, and last names were also stolen, the telecom services provider said, adding there was no indication their financial details had been compromised.
"Telecommunications companies have a duty to protect their customers' information. The FCC is aware of reports of a data breach affecting T-Mobile customers and we are investigating," an FCC spokesperson told Reuters.
The company, which had 104.8 million customers as of June, acknowledged the data breach on Sunday after US-based digital media outlet Vice reported that a seller had posted on an underground forum offering private data, including social security numbers from a breach at T-Mobile servers.
T-Mobile also said approximately 850,000 active T-Mobile prepaid customer names, phone numbers, and account PINs were also exposed.
In 2015, AT&T agreed to pay a $25 million (roughly Rs. 185 crores) fine to resolve an FCC investigation into consumer privacy violations at AT&T's call centers.
Vice said the seller claimed that 100 million people had their data compromised in the breach. The seller was offering data on 30 million people for 6 Bitcoin, or around $270,000 (roughly Rs. 2 crores).
Reports later suggested that the asking price had slumped and the entire data was being sold for just $200 (roughly Rs. 14,860).
Reuters has not been able to check the veracity of the forum's post.
T-Mobile's data breach is the latest high-profile cyberattack as digital thieves take advantage of security weakened by work-from-home policies due the COVID-19 pandemic.
Earlier this month, cryptocurrency platform Poly Network lost $610 million (roughly Rs. 4,530 crores) in a hack and later offered the hacker or hackers a $500,000 (roughly Rs. 3.7 crores) "bug bounty".
© Thomson Reuters 2021