In a troubling revelation for millions of customers, a user on a cybercrime forum claims to have breached Verizon and T-Mobile US, stealing vast amounts of data set for sale online. The user, identified as G_mic, announced that they have obtained personal records of 61 million Verizon customers and 55 million T-Mobile customers, available in CSV and JSON formats. Analysis of this data suggests it includes sensitive information such as names, addresses, phone numbers, and even IP addresses.
The purported Verizon data, weighing in at 3.1 GB, allegedly contains detailed personal information including city, state, county, gender, ZIP code, full name, carrier name, and ownership status, among others. G_mic has set a price of just $600 for access to this sensitive dataset. This claim raises concerns about the potential misuse of such extensive personal data and the impact it could have on those affected.
When approached for a comment, a Verizon spokesperson stated that the company has scrutinized the data and determined it to be “old data, previously posted on the dark web,” asserting that it is not connected to their current customer base. For reference, Verizon Communications Inc. is one of the largest telecommunications providers in the United States, catering to approximately 146 million wireless subscribers.
Simultaneously, T-Mobile users are facing similar allegations. G_mic claims to possess current Personal Identification information of 55 million T-Mobile US customers, appending a sale price of $400 for this data. While the spokesperson for T-Mobile promptly disputed the allegations, declaring no breach had occurred, the unsettling fact remains that historical data breaches at T-Mobile, affecting millions in the past, necessitate vigilance among its customers regarding their personal data security.
Both Verizon and T-Mobile, frequent targets of cybercriminal activity and state-backed hacking efforts, urge users to remain cautious. Given T-Mobile’s history of at least eight confirmed data breaches since 2009, including massive incidents, the latest claims indicate a persistent threat to users’ personal information.