“To reaffirm, the protection of our customers’ information and the security of our systems is paramount at T-Mobile.  Regarding the recent claim on a Web site, we’ve identified the document from which information was copied, and believe possession of this alone is not enough to cause harm to our customers.  We continue to investigate the matter, and have taken additional precautionary measures to further ensure our customers’ information and our systems are protected.  At this moment, we are unable to disclose additional information in order to protect the integrity of the investigation, but customers can be assured if there is any evidence that customer information has been compromised, we would inform those affected as quickly as possible.”

While this information is anything but confirmed, there seems to be enough evidence to at least substantiate the claims to the point where they have swept the net, from Engadget to BGR to other mobile and technology sites.  The hackers claimed to have taken all information from T-Mobile’s systems, including subscriber information, addresses, phone numbers, and more. Information from the hackers has been posted on seclists.org, along with some code to prove that they made their way into T-Mobile’s systems. If you look at the code, you will see mentions of Callertunes-related information, as well as Billing, Collection Management, Retail information, Suncom, and more, all of which can seemingly be found on T-Mobile or MyT-Mobile.com. The hacker’s released a statement in slightly broken English, stating that:

The U.S. T-Mobile network predominately uses the GSM/GPRS/EDGE 1900 MHz frequency-band, making it the largest 1900 MHz network in the United States. Service is

available in 98 of the 100 largest markets and 268 million potential customers.

Like Checkpoint Tmobile has been owned for some time. We have everything, their databases, confidental documents, scripts and programs from their servers,
financial documents up to 2009.

We already contacted with their competitors and they didn’t show interest in buying their data -probably because the mails got to the wrong people- so now we are
offering them for the highest bidder.

Please only serious offers, don’t waste our time.

Read the full statement.

Of course there are major concerns from T-Mobile’s 30-million subscribers, after claims like this surface on the Internet.  After being contacted by various blogs, T-Mobile released a statement in response, stating that:

“The protection of our customers’ information, and the safety and security of our systems, is absolutely paramount at T-Mobile. Regarding the recent claim, we are fully investigating the matter. As is our standard practice, if there is any evidence that customer information has been compromised, we would inform those affected as soon as possible.”

Stay tuned as we look into these claims, and wait to here back from T-Mobile’s cyber security department.
[Via Engadget]