Update: T-Mobile confirms/denies breach

T-Mobile has made a statement regarding the investigation into hacker claims that customer data was stolen and made available to online bidders, although more questions were raised than answered.

T-Mobile confirmed that some information included in the original post to the Full Disclosure mailing list is accurate, but insisted that there was no breach of confidential data. From T-Mobile’s statement on the matter:

Regarding the recent claim on a Web site, we’ve identified the document from which information was copied, and believe possession of this alone is not enough to cause harm to our customers. We continue to investigate the matter, and have taken additional precautionary measures to further ensure our customers’ information and our systems are protected. At this moment, we are unable to disclose additional information in order to protect the integrity of the investigation, but customers can be assured if there is any evidence that customer information has been compromised, we would inform those affected as quickly as possible.

While the company insists that customer data is safe, the nebulous nature of the statements made don’t exactly come across as reassuring. If some data is accurate, what kind of data is it? And how was it obtained? Speculation includes leaking of confidential documents and “dumpster diving” for improperly disposed of consumer data.

Details on how the data may or may not have been obtained are still under wraps pending investigation, but it seems more information is needed from T-Mobile before subscribers can rest assured.