Thursday, September 16, 2021
Thursday, September 16, 2021
More

    Twitter DM reveals T-Mobile downplayed cyberattack with misleading text to 50M victims
    T

    The cyber attack that compromised personal identifying information of over 50 million Americans morphed into T-Mobile’s ticking time bomb.

    Your Content is a nonprofit newsroom that investigates abuses of power. Sign up to receive our biggest stories as soon as they’re published.

    Get Your Content. Daily.

    Be the first to know about the biggest stories as they break. Sign up for breaking news email alerts from Your Content.

    T-Mobile has concealed a critical secret from over 100 million people – their social security numbers and other identifying information is being sold on the internet, and Your Content has exclusively learned hackers have obtained personal identifying information from nearly all individuals who received a text from the tech-giant noting their information ‘was compromised.’

    When news surfaced that T-Mobile was targeted by a massive cyber-attack, corporate bigwigs refused to confirm claims 100 million customers personal data—including social security numbers and drivers licenses—are now for sale online. 

    - Advertisement -

    The previously unconfirmed allegations about what exactly the hack involved could mean nearly all T-Mobile’s 104.8 million subscribers would be affected.

    Twitter DM admits T-Mobile downplayed cyberattack with misleading text to 50 million
    An official T-Mobile alert sent on Thursday, Aug. 19, 2021, downplaying the extent of the cyber attack that affected over 50 million customers. (Photo: Original Media Group Corporation)

    T-Mobile sent a generic soft text message to those affected insisting the compromised customer refrains from panicking—asserting ‘no evidence’ that ‘debit/credit card information was compromised.’

    “T-Mobile has determined that unauthorized access to some of your personal data has occurred. We have no evidence that your debit/credit card information was compromised.” T-Mobile wrote in the Aug. 18 text alert. “We take the protection of our customers seriously.

    “We are taking actions to protect your T-Mobile account and we recommend that you take action to protect your credit.”

    - Advertisement -

    Rather than informing the victim of just what information was compromised, the tech-giant directs customers to a tutorial on ‘protecting yourself’ from identify theft.

    Twitter DM admits T-Mobile downplayed cyberattack with misleading text to 50 million
    A direct message sent to T-Mobile via Twitter on Aug. 23, 2021, inquiring about the ‘compromised information’ relayed in the Aug. 19 text message. (Photo: Original Media Group Corporation)

    Your Content has learned nearly a third of the U.S. population’s data—including social security numbers, birthdays, and personal identifying information—was compromised in the recent cyber-attack. What’s more, rather than alerting customers of the grave financial risk they face, the tech-giant directs them to a website to learn how to ‘protect yourself’ from identify theft.

    Consumers affected by the breach have no way of knowing what information was compromised without inquiring with the tech-giant—whether it be via phone, e-mail, or social media, a Twitter exchange with T-Mobile customer service representative Nathan Lovato reveals.

    When asked ‘how could we find out what / how I was attached in the data breach and the extent of whatever was accessed’ the representative paused briefly before confessing the customer’s information was compromised as part of the recent attack.

    “Thanks for hanging in there.” Lovato quipped. “I appreciate you sending over the text message.

    “In this case only information like your phone number, SSN, and birthday were compromised. No financial information from cards or bank accounts was compromised. If you haven’t already we recommend changing your T-Mobile account security PIN number and My T-Mobile password to something new.

    “That way only you have the updated information.”

    Representatives for T-Mobile vehemently denied the allegations in an e-mail to Your Content Thursday evening.

    “We are a government regulated, publicly traded and ethical company that puts customers first—we have not knowingly provided false information on an issue like this as suggested,” the T-Mobile spokesperson told Your Content. “Once we became aware of claims made in an online forum that a bad actor had compromised T-Mobile systems—we immediately began an exhaustive investigation into these claims and brought in world-leading cybersecurity experts to help with our assessment”

    Twitter DM admits T-Mobile downplayed cyberattack with misleading text to 50 million
    A direct message from T-Mobile via Twitter on Aug. 23, 2021, downplays the seriousness of the cyber situation as a T-Mobile representative asserts the “only information compromised is like your phone number, SSN, and birthday.” (Photo: Original Media Group Corporation)

    Vice first reported the claims of a data breach.

    As Your Content previously reported on Aug. 18, names, social security numbers and information from driver’s licenses or other identification of well over 50 million former and prospective customers that applied for T-Mobile credit were exposed in a data breach.

    It is not the first breach to impact T-Mobile customers. In 2018, the company was hit with a breach in which hackers obtained the personal data of roughly two million customers including names, addresses, and account numbers.

    In 2019, hackers gained access to the personal data of some of T-Mobile’s prepaid customers.  

    And a March 2020 breach exposed the social security numbers, financial information, and account information of some T-Mobile customers.

    T-Mobile completed its merger with Sprint last April, making it the second largest wireless phone carrier in the U.S.

    The company reported a subscriber base of 104.8 million in the second quarter of 2021, second only to Verizon with 121.3 million subscribers. 

    The latest breach, dubbed a cyber pandemic, marks a stunning public relations blow for the company and CEO Mike Sievert, who took over last year upon the merger with Sprint. 

    “Once we were able to identify customer impact we provided initial public statements and worked around the clock to determine which customers were impacted to begin communicating with them,” the T-Mobile spokesperson told Your Content Thursday. “As our investigation provides more information, we will continue to reach out to impacted customers and others.”

    - Advertisement -