UPDATED: T-Mobile has confirmed it was breached, but said the attackers did not steal any data that could endanger customers.
In a statement released late June 8, company officials released little in the way of details regarding how the breach took place, but reaffirmed its commitment to continuing the ongoing investigation.
“Regarding the recent claim on a Website, we’ve identified the document from which information was copied, and believe possession of this alone is not enough to cause harm to our customers,” a T-Mobile spokesperson said in an e-mail.”We continue to investigate the matter, and have taken additional precautionary measures to further ensure our customers’ information and our systems are protected.”
The response was the latest twist in a breach first made public over the weekend on the Full Disclosure mailing list. On June 6, a message was posted in which attackers claimed to have hacked T-Mobile and swiped information.
“We have everything-their databases, confidential documents, scripts and programs from their servers, financial documents up to 2009,” the message read. “We are offering them for the highest bidder. We already contacted with their competitors and they didn’t show interest in buying their data-probably because the mails got to the wrong people-so now we are offering them for the highest bidder.”
The T-Mobile spokesperson said the company is unable to disclose additional information at this time, but stated customers “can be assured if there is any evidence that customer information has been compromised, we would inform those affected as quickly as possible.”
Richard Gorman, CEO of database security vendor Vormetric, urged companies should invest in encryption as a means of rendering breaches less serious.
“All companies, including T-Mobile, should be encrypting and protecting all customer information and thus keeping the information off hacker market,” Gorman said. “Strong data security is absolutely critical given the rapid increase we have seen in targeted and sophisticated information theft for profit over the last two years.”
UPDATE: T-Mobile has reportedly said that the information was not obtained by hacking.