T-Mobile is investigating a claim that a massive amount of internal data has been stolen from the telecommunication operator’s servers, a company spokesman said Monday.
On Saturday, a message about T-Mobile was posted to the Full Disclosure mailing list by people who wrote they’d unsuccessfully tried to sell the data to T-Mobile’s competitors. They wrote they’d pitched the information to the wrong e-mail addresses, but were now willing to sell the data to anyone. Full Disclosure describes itself as an unmoderated forum where people can post information on security vulnerabilities.
“We have everything — their databases, confidential documents, scripts and programs from their servers, financial documents up to 2009,” read the message. “We are offering them for the highest bidder.”
The hackers then included a raft of data that showed information on operating system versions, applications and IP (Internet protocol) addresses allegedly collected from T-Mobile’s systems. The strings of information listed vendors such as Tibco Software, SAP, Centivia and Teradata whose software T-Mobile supposedly uses.
Whether the message is a hoax or real isn’t clear. Full Disclosure cautions that 80 percent of its postings on the site are “drivel,” and that many deal with industry gossip. Efforts to contact the hackers by the e-mail address posted on Full Disclosure were not successful as of Monday afternoon U.K. time.
T-Mobile said in a statement that it takes data safety seriously. “As is our standard practice, if there is any evidence that customer information has been compromised, we would inform those affected as soon as possible,” according to the company.
T-Mobile International is a wholly-owned subsidiary of Deutsche Telekom of Germany. In its first quarter 2009 financial results ending in March, the company counted 148.4 million customers in 12 countries.