T-Mobile Says Customer Data Not Stolen In Hack

T-Mobile USA issued a followup to its statement Monday, saying that it is continuing to investigate the hack. The mobile telecom giant, however, said it had not found any evidence that customer information was stolen.

"To reaffirm, the protection of our customers' information and the security of our systems is paramount at T-Mobile," the company said in a statement. "Regarding the recent claim on a Web site, we've identified the document from which information was copied, and believe possession of this alone is not enough to cause harm to our customers.

"We continue to investigate the matter and have taken additional precautionary measures to further ensure our customers' information and our systems are protected," the company said. "At this moment, we are unable to disclose additional information in order to protect the integrity of the investigation, but customers can be assured if there is any evidence that customer information has been compromised, we would inform those affected as quickly as possible."

Hackers said in an e-mail posted on a Full Disclosure mailing list Saturday that they had broken into a T-Mobile database, which gave them access to untold customer accounts, financial records and other sensitive corporate data.

"We have everything, their databases, confidential documents, scripts and programs from their servers, financial documents up to 2009," the hackers said in a message from e-mail address [email protected]. Attempts to contact the hackers at the e-mail address resulted in a mail delivery failure notice.

The hackers indicated that they had attempted to sell the data to T-Mobile competitors for an undisclosed price, but were thwarted when the companies failed to respond. T-Mobile competitor Verizon did not immediately respond to requests for comment from Channelweb.com.

The hackers then said that they planned to sell the T-Mobile information to the highest bidder. The e-mail contained samples of files from T-Mobile's systems to further prove their claims.

Meanwhile, security experts wonder why the hackers didn't include actual customer account information in their original e-mail, but instead chose to entice would-be buyers with network scans.

"They say they reached out to competitors and released information regarding the breach. But at the same time, they didn't provide anything more than a list of server names and table information on the databases themselves," said Paul Henry, security and forensic analyst for security company Lumension.

"It could very well be that someone has been able to obtain a map of (T-Mobile's) internal network and don't have any real data. They could coerce people into purchasing data that they don't have," Henry said, adding, "At this point, because there was such limited information posted, we have to rely on T-Mobile."

Henry said that while the events surrounding the T-Mobile hack are still unclear, major carriers will have to build a solid foundation of network security, along with technologies such as whitelisting, current generation firewall technologies, and comprehensive endpoint security for removable media, in order to adequately secure their networks and reduce the risk of an external hack.

"We're in an arms race with the black hat community," Henry said. "We always have to be able to meet current threats."