Hackers have claimed to leak a database containing 64 million records linked to T-Mobile, one of the largest mobile carriers in the U.S. The data was posted on a well-known leak forum and is alleged to be as recent as June 1st, 2025.
T-Mobile has not yet confirmed the breach. The dataset appears to contain a broad range of personally identifiable information (PII), some of which could be new to previous leaks.
What the Leaked Dataset Contains
According to Cybernews researchers who reviewed a sample from the leak, the stolen information includes:
- Full names
- Dates of birth
- Tax identification numbers
- Physical addresses
- Phone numbers
- Email addresses
- Device IDs
- Cookie IDs
- IP addresses
This combination of data could enable a wide range of cybercriminal activity—from identity theft to financial fraud and highly targeted phishing attacks.
“If this data is legitimate, exposing 64M lines of highly sensitive information poses a serious threat of identity theft/fraud, surveillance, and further, better-targeted attacks on customers,”
— Cybernews research team
The inclusion of device IDs, cookie data, and IP addresses may give attackers insight into online behavior patterns. Such intelligence could help them conduct spear phishing campaigns targeting specific individuals or organizations.
Data Overlap and Verification Challenges
One complication in verifying the scope of the breach lies in data duplication. Some email addresses in the dataset were found in previous T-Mobile leaks, leading to questions about how much of the 64 million lines represent new victims.
That said, researchers noted some new data points, such as phone numbers and identifiers, which were not part of earlier T-Mobile exposures.
Despite the detailed dataset, the researchers could not determine with full certainty whether it represents 64 million unique individuals or includes duplicated data entries.
T-Mobile’s Ongoing Struggles with Cybersecurity
If validated, this would add to T-Mobile’s long list of security incidents over the last five years. The company has faced multiple data breaches, including:
- August 2021: Data of 76.6 million customers exposed
- January 2023: Details of 37 million individuals leaked
- 2022 and 2023 incidents: Breaches involving management systems and account credential theft
In October 2024, T-Mobile agreed to pay over $15 million to settle regulatory claims tied to four separate cybersecurity failures.
T-Mobile, owned by Deutsche Telekom, serves around 131 million customers in the United States. The company generated $81 billion in revenue in 2024. Deutsche Telekom remains the largest telecom provider in Europe and ranks fifth globally.
As of now, no formal statement from T-Mobile has been issued regarding this latest alleged breach. Cybernews has reached out to the company for comment. The story will be updated as more information becomes available.
