RestorePrivacy

Your online privacy resource center

General

Home

News

About

Contact

Privacy Tools

Newsletter

Coming soon.

No spam, ever.

T-Mobile Retailer Suffers Breach, Employee Data Leaked on Hacking Forum

By Leave a Comment
T Mobile Data Breach 2023 Leak

Samples of data allegedly belonging to a T-Mobile Retailer, Connectivity Source, appeared on a popular hacking forum earlier today.

Connectivity Source describes itself as “one of T-Mobile’s largest Authorized Retailers serving customers nationwide in our T-Mobile branded stores.”

The forum user who posted the leak released 89 GB of data that has allegedly been exfiltrated from the retailer earlier this year, and first released today.

The threat actor on the hacking forum has fully released all data, with a direct download link for anyone to access. The hacking forum post also contains a data sample that allegedly includes Connectivity Source employee data, as you can see below.

T Mobile Data Breach
The data leak posted on the infamous BreachForums.
RestorePrivacy

The data appeared on the hacking forum ‘Breached,’ and the samples include text files containing:

  • Names
  • Employee credentials
  • Partial social security numbers (last 4 digits)
  • Email addresses

In our analysis of the sample, the leak appears to only contain employee data, not customer data.

T Mobile Data Leak Employees
The Threat Actor’s sample of the T-Mobile data.
RestorePrivacy

According to the Threat Actor who released the data, the breach occurred in April 2023, but was not leaked until earlier today, for unspecified reasons.

T-Mobile denies breach, points to third-party retailer

T-Mobile provided RestorePrivacy with a comment, clarifying that the breach appears to affect an independent T-Mobile retailer, rather than the large telecom firm itself.

There has not been a T-Mobile data breach.  The data being referred to online is believed to be related to an independently owned authorized retailer from their incident earlier this year.  T-Mobile employee data was not exposed.

T-Mobile spokesperson

While this appears to be good news for T-Mobile, having not suffered yet another breach, it is nonetheless a large leak for Connectivity Source with 89 GB of internal data being shared online.

T-Mobile did not directly name Connectivity Source, but the user who posted the data in the hacking forum did in the post title, “(2023) T-Mobile | Connectivity Source”.

Past T-Mobile breaches

According to T-Mobile official data breach letter earlier this year, it was also breached in March 2023, just one month prior to the current alleged leak. Additionally, in another regulatory filing, T-Mobile also reported a breach in January of this year.

Last year, the NY Attorney General issued a consumer alert warning that users exposed in another T-Mobile breach were at risk for identity theft and fraud. The same would hold true for this current breach should it prove to be legitimate.

RestorePrivacy contacted T-Mobile to request a comment on the validity of the data sample and whether the company experienced a security incident around April of this year.

We received clarification the day after the story was published and updated the content and title to reflect this new info.

Further Reading:

Avatar photo

About Heinrich Long

Heinrich is an associate editor for RestorePrivacy and veteran expert in the digital privacy field. He was born in a small town in the Midwest (USA) before setting sail for offshore destinations. Although he long chafed at the global loss of online privacy, after Edward Snowden’s revelations in 2013, Heinrich realized it was time to join the good fight for digital privacy rights. Heinrich enjoys traveling the world, while also keeping his location and digital tracks covered.

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *