T-Mobile on Friday released more details about a hack into its systems, noting that more customers were affected than it previously disclosed. Further, the company said hackers obtained some customers' IMEI and IMSI phone data alongside other personal information, potentially paving the way for deeper security breaches.
The Wall Street Journal reported that the FBI is aware of the situation and that the FCC has opened an investigation into the matter.
News of the hack broke early this week, and T-Mobile has been issuing updates of its investigation into the issue since then. The company's latest update indicates hackers obtained more data on its customers than T-Mobile initially disclosed.
"We have now also determined that phone numbers, as well as IMEI and IMSI information, the typical identifier numbers associated with a mobile phone, were also compromised. Additionally, we have since identified another 5.3 million current postpaid customer accounts that had one or more associated customer names, addresses, date of births, phone numbers, IMEIs and IMSIs illegally accessed," the company said in a statement.
However, the company said it has no indication that hackers were able to access financial information such as credit card or debit card data.
Citing security experts, the WSJ reported that IMEI and IMSI data – identifier numbers associated with a customer's specific phone – could allow hackers to conduct so-called SIM swaps. That's important considering phone numbers are often used as the second element in two-factor authentication for online services such as banking.
Nonetheless, some analysts don't expect the issue to represent much of a speed bump for T-Mobile. "I don't see much customer impact from this," analyst Jeff Moore of Wave7 Research told S&P Global.
Citing security researchers, the WSJ reported that T-Mobile's hack is the fourth-largest release of private customer data this year. For T-Mobile, it's the fifth time in recent years that the operator has reported hacks into its systems.
Finally, it's worth noting that T-Mobile may not be alone. A new report from BleepingComputer indicates AT&T's customer data may have been compromised also, though AT&T has said its systems were not breached.
- Hack could cost T-Mobile millions, analysts predict
- T-Mobile admits breach after epic hacking claims
- T-Mobile confirms it was hacked