T-Mobile has launched an investigation into the data leak that has resulted in the personal information of millions of its customers being posted for sale online.

In a statement released on Monday, the mobile communications giant confirmed that data was “illegally accessed” from its systems, but remained tight-lipped about the nature of the data. However, on a positive note, the company also stated that it is “confident that the entry point used to gain access has been closed.

It was on an underground forum that a hacker claimed to be in possession of the data. The hacker, named SubVirt, recently posted on the site asking for 6 bitcoin (a little under $270,000) for a 30-million customer subset of the data, which is purported to include customer’s names, phone numbers, Social Security numbers, driver’s license information, IMEI numbers, and more. SubVirt is alleged to have the personal data of over 100 million T-Mobile customers, however. 

Hopefully the authorities will track down SubVirt before the data has a chance to be made public. Unfortunately, this does add to T-Mobiles recent string of data leakes. It was only back in January that the company admitted that hackers gained access to the call records of over 200,000 of its customers, and in 2018 personal data belonging to around 2 million of its customers was stolen.

Leaked data can be used by cybercriminals in many ways:

• Identity theft.
• Targeted phishing attacks.
• Brute-force attacks to try and gain full access to online accounts.
• SIM swap attacks, which allow hackers to get around multi-factor authentication.
• Smishing attacks, which are used to trick victims into revealing additional personal information.

Use Trend Micro™ ID Security to find out if your information has been made public. It scans the internet and the dark web, and if your data (SSN, email addresses, passwords, codes etc.) has been shared online, it will notify you and tell you exactly where it was found.

It is already included in your plan! Check if you were affected now by activating your included ID Security.

It is not possible for us to list all the signs of every type of scam cybercriminals may commit using leaked data, so if you believe you may be a victim, please be extra cautious.