This story apparently kicks off with an online post on an "underground forum," which claimed there were oodles of personal data up for sale.
Although the post didn't mention T-Mobile, the sellers subsequently told Motherboard that the data related to over 100 million people and that it had all been filched from T-Mobile servers.
It's a real treasure trove if the claims are true. As well as social security numbers, phone numbers, names, physical addresses and unique IMEI (international mobile equipment identity) numbers, the sellers have even got their hands on driver license information.
Motherboard said it had seen samples of the data and confirmed they contained "accurate information" on T-Mobile customers. How the news outlet managed to do that was not made clear.
Another detail to emerge is that a subset of the data, containing around 30 million social security numbers and driver license information, is apparently yours if you can cough up 6 bitcoin (around $270,000, says Motherboard). The rest of the data, according to the sellers, is up for grabs "privately."
T-Mobile told Motherboard in a statement that "we are aware of claims made in an underground forum and have been actively investigating their validity." It added that it didn't have additional information to offer.
According to the sellers, T-Mobile can investigate all it likes but the damage has already been done.
They went on to say that the operator is already aware of the breach and has responded, because it lost access to the "backdoored servers." But the data, they noted, had already been downloaded locally and backed up in multiple places.
Earlier this year, T-Mobile said hackers gained unauthorized access to some of its customers' personal information, including potentially phone numbers and call records.