After suffering a data breach last year, US telecommunications company T-Mobile hired a third party who tried to buy back the company’s stolen data before it could be widely distributed online .
As reported by Motherboardthe plan ultimately failed as the cybercriminals responsible continued to sell the company’s data on an online hacking forum despite paying a total of $200,000 to have their copy removed.
The news outlet only recently learned that a third party hired by T-Mobile tried to buy back the telecommunications company’s stolen customer data after the Justice Department unsealed an indictment against Diogo Santos Coelho, who would be the administrator of the famous hacking site RaidForums.
While Coelho was arrested in the UK in March this year, an affidavit regarding his extradition to the US contained new information about the T-Mobile data breach, although the company was not named. named.
Buying stolen data from cybercriminals
According to the affidavit, a RaidForums user going by the name “SubVirt” posted the original post on the site offering to sell a stolen database containing social security numbers, dates of birth, driver’s licenses and personal data. other sensitive information from 124m T-Mobile. customers.
A third-party employee hired by T-Mobile responded to the message and purchased a sample of the database data for $50,000 in Bitcoin. After reviewing the sample, they then purchased the entire database for around $150,000 on the condition that SubVirt delete their copy of the data. This would prevent T-Mobile customer data from ending up in the hands of other cybercriminals who could use it to commit fraud, identity theft, phishing attacks and other cybercrimes.
After being paid $200,000 for the database, SubVirt and the other hackers behind the breach continued to try to sell the company’s stolen customer data on RaidForums. Although the court documents do not name the third party hired by T-Mobile, in a statement in August the company’s CEO, Mike Sievert, explained that his investigation into the breach had been “supported by world-class security experts world Mandiant from the very beginning”.
Paying cybercriminals is not unusual and it happens regularly when organizations fall victim to ransomware attacks. Just like in this case, however, cybercriminals may not keep their end of the bargain, which is why the FBI and other law enforcement agencies say never to pay a ransom.