Hacker Claims Massive T-Mobile Data Breach, Company Denies Involvement
An unnamed hacker recently posted on a dark web forum, alleging the theft of 64 million records containing sensitive customer data purportedly linked to T-Mobile. The leaked database, reportedly obtained as early as June 1, 2025, includes full names, dates of birth, tax IDs, postal and email addresses, phone numbers, device IDs, cookie IDs, and IP addresses.
T-Mobile swiftly denied any connection to the breach, stating that the data "does not relate to T-Mobile or our customers." Cybersecurity researchers at Cybernews analyzed the sample but could not verify its authenticity, noting that while some phone numbers matched past T-Mobile breaches, the full dataset’s legitimacy remains unconfirmed. The 64 million "lines" may not equate to 64 million unique individuals.
If legitimate, the exposed data could fuel targeted phishing attacks, identity theft, and fraud. This incident follows a pattern: last year, threat actor IntelBroker claimed to have breached T-Mobile, stealing source code and other internal files—claims the company also dismissed.
As of now, the origin and validity of the leaked data remain disputed.
T-Mobile cybersecurity rating report: https://www.rankiteo.com/company/t-mobile
"id": "T-M1767599480",
"linkid": "t-mobile",
"type": "Breach",
"date": "6/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Allegedly 64 million '
'(unverified)',
'industry': 'Telecommunications',
'location': 'United States',
'name': 'T-Mobile',
'size': 'Large',
'type': 'Telecommunications'}],
'attack_vector': 'Unknown',
'data_breach': {'data_exfiltration': 'Alleged',
'number_of_records_exposed': '64 million (alleged)',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Full names',
'Dates of birth',
'Tax IDs',
'Postal addresses',
'Phone numbers',
'Email addresses',
'Device IDs',
'Cookie IDs',
'IP addresses']},
'date_detected': '2025-06-01',
'description': 'Hackers claimed to have stolen millions of records from '
'T-Mobile, including names, email addresses, phone numbers, '
'and other PII. T-Mobile denied any connection to the archive, '
'stating it had nothing to do with the company or its '
'customers.',
'impact': {'brand_reputation_impact': 'Potential negative impact due to false '
'claims and media coverage',
'data_compromised': '64 million records allegedly containing PII',
'identity_theft_risk': 'High'},
'initial_access_broker': {'data_sold_on_dark_web': 'Alleged'},
'investigation_status': 'Ongoing (authenticity unverified)',
'motivation': 'Financial gain, identity theft, phishing attacks',
'references': [{'source': 'Cybernews'}],
'response': {'communication_strategy': 'Public denial of breach and data '
'connection'},
'threat_actor': 'Unnamed cybercriminals',
'title': 'Alleged T-Mobile Data Breach: 64 Million Records Leaked on Dark Web',
'type': 'Data Breach'}