T-Mobile tried to buy stolen customer data back, but failed

Third-party security firm paid cybercriminals for exclusive access to stolen T-Mobile customer data

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

After falling victim to adata breachlast year, the US telecomT-Mobilehired a third-party which tried to buy back the company’s stolen data before it could be widely distributed online.

As reported byMotherboard, the plan was ultimately unsuccessful as the cybercriminals responsible continued to sell the company’s data on anonline hacking forumdespite being paid a total of $200k to delete their copy.

Share your thoughts on Cybersecurity and get a free copy of the Hacker’s Manual 2022.Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at theend of this surveyto get the bookazine, worth $10.99/£10.99.

The news outlet only recently learned that a third-party hired by T-Mobile tried to buy back the telecom’s stolen customer data following the Department of Justice unsealing an indictment against Diogo Santos Coelho who is allegedly the administrator of the notorious hacking siteRaidForums.

While Coelho was arrested in the UK back in March of this year, an affidavit regarding his extradition to the US contained new information on the T-Mobile data breach though the company was not named outright.

Purchasing stolen data from cybercriminals

According to the affidavit, a RaidForums’ user going by the handle “SubVirt” made the original post on the site offering to sell astolen databasecontaining the social security numbers, dates of birth, driver’s licenses and other sensitive information of 124m T-Mobile customers.

An employee of the third-party hired by T-Mobile responded to the post and bought a sample of the data in the database for $50k inBitcoin. After reviewing the sample, they then went on to purchase the entire database for around $150k on the condition that SubVirt would delete their copy of the data. This would limit T-Mobile’s customer data from ending up in the hands of other cybercriminals that could use it to commit fraud,identity theft, phishing attacks and other cybercrimes.

T-Mobile hacker slams company security as ‘awful’>T-Mobile blocked from advertising ‘most reliable’ 5G>AT&T and T-Mobile secure more spectrum in $22bn US 5G auction

After being paid $200k for the database, SubVirt and the other hackers behind the breach continued to try and sell the company’s stolen customer data on RaidForums. While the court documents don’t name the third-party hired by T-Mobile, in astatementback in August, the company’s CEO Mike Sievert explained that its investigation into the breach had been “supported by world-class security experts Mandiant from the very beginning”.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Paying cybercriminals is not out of the ordinary and it routinely occurs when organizations fall victim toransomwareattacks. Just like in this case though, cybercriminals may not keep up their end of the bargain which is why the FBI and other law enforcement agencies say tonever pay a ransom.

ViaVice

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.

A critical Palo Alto Networks bug is being hit by cyberattacks, so patch now

3 reasons why PIA fell in our best VPN rankings

Alt + Tab trouble: Windows 11’s 24H2 update turns time-saving shortcut into ten-second headache