Over the weekend some crackers posted on a full disclosure mailing list some information they claimed had come from T-Mobile USA’s servers, and invited interested parties to bid for the full documents. T-Mobile has issued the following statement in regards to that:
“Following a recent online posting that someone allegedly accessed T-Mobile servers, the company is conducting a thorough investigation and at this time has found no evidence that customer information, or other company information, has been compromised. Reports to the contrary are inaccurate and should be corrected. T-Mobile continues to monitor this situation and as a precaution has taken additional measures to further ensure our customers’ information and our systems are protected. As is our standard practice, customers can be assured if there is any evidence that customer or system information has been compromised, we would inform those affected as quickly as possible.”
It had earlier said that it had identified the document from which the information had been taken, leading to reports that the company indeed had been hacked. They seem to have backed off that claim, although they haven’t actively denied it. Several security experts have opined that the people offering to sell sensitive customer data probably don’t have it as they failed to post any examples, which would have added credibility to their claim and raised the price they would receive. Paul Davie, founder of data security specialist Secerno, is quoted in CSO: “If I were a customer of theirs I wouldn’t immediately be worried. If these guys have personally identifiable information, then they would have exposed enough of that to give credibility to the story, because it’s going to massively increase the value of what they’re going to sell. So I suspect that they don’t have that kind of thing.”
Comments have been disabled for this post