T-Cell stated rumors of a breach affecting their workers’ knowledge are inaccurate, attributing a leak to an April assault on an impartial retailer.
On Thursday night, researchers for the malware repository vx-underground said they’d been contacted by hackers going by the names “Doubl” and “Emo” a few breach that occurred in April – proper after a T-Cell breach that came about in March 2023.
The 90 gigabytes of stolen worker knowledge had been being shared on felony boards and unfold all through Telegram and Discord, in response to vx-underground. The researchers shared censored screenshots of samples from the stolen knowledge, writing that “data from the leak may be very massive and we might not be capable to sufficiently element every little thing leaked in textual content as a result of it’s a number of databases.”
A T-Cell spokesperson instructed Recorded Future Information that no breach of their firm methods had occurred in April.
“There has not been a T-Cell knowledge breach,” the corporate stated.
“The information being referred to on-line is believed to be associated to an independently owned licensed retailer from their incident earlier this yr. T-Cell worker knowledge was not uncovered.”
A submit on the cybercrime market BreachForums attributes the breach to an April cyberattack on Connectivity Supply, an independently-owned seller that makes use of T-Cell branding and sells wi-fi handsets, linked watches and tablets. The corporate didn’t reply to requests for remark.
The stolen data, purportedly from Connectivity Supply, ranged from worker IDs, dates of hiring and firing, worker login data, Social Safety numbers, in addition to service account particulars for workers.
The difficulty caps a tough week for T-Cell after lots of of consumers took to social media to complain that they might see the knowledge of different prospects on their accounts — together with private knowledge like present credit score balances, buy historical past, bank card data, and residential addresses.
T-Cell ultimately instructed The Verge that the difficulty was not associated to a safety occasion however as an alternative was a “momentary system glitch associated to a deliberate in a single day expertise replace involving restricted account data for fewer than 100 prospects, which was shortly resolved.”
One of many three largest telecommunications corporations within the U.S., T-Cell handled a number of massive knowledge breaches over the past three years.
Final yr, the corporate agreed to pay $350 million to a gaggle of victims and commit $150 million additional to safety upgrades to settle a class-action lawsuit introduced within the wake of a 2021 hack of delicate buyer knowledge.
Famous extortion group Lapsus$ additionally gained entry to the corporate’s methods final yr. In August, the corporate was concerned in a breach affecting bankrupt cryptocurrency platforms FTX and BlockFi.
The Federal Communications Fee voted unanimously to analyze potential modifications to the breach notification guidelines for telecommunications corporations in January, with FCC Chairwoman Jessica Rosenworcel arguing that the principles the company created greater than 15 years in the past are now not appropriate with a contemporary world the place telecommunication carriers have entry to a “treasure trove of information about who we’re, the place we’ve got traveled, and who we’ve got talked to.”
In a 40-page proposal doc, the FCC defined that there have been a number of breaches affecting the nation’s largest telecommunications corporations: Verizon, T-Cell and AT&T.
“The legislation requires carriers to guard delicate shopper data however, given the rise in frequency, sophistication, and scale of information leaks, we should replace our guidelines to guard customers and strengthen reporting necessities,” Rosenworcel stated.
No earlier article
No new articles
Jonathan Greig is a Breaking Information Reporter at Recorded Future Information. Jonathan has labored throughout the globe as a journalist since 2014. Earlier than transferring again to New York Metropolis, he labored for information shops in South Africa, Jordan and Cambodia. He beforehand lined cybersecurity at ZDNet and TechRepublic.