I received an updated statement from T-Mobile overnight. Their revised statement confirms that at least some data were stolen, but they do not confirm that the breach described on the the Full Disclosure mail list was as extensive as the hackers claimed when they posted, “We have everything, their databases, confidental documents, scripts and programs from their servers,
financial documents up to 2009.” The company reports:
To reaffirm, the protection of our customers’ information and the security of our systems is paramount at T-Mobile. Regarding the recent claim on a Web site, we’ve identified the document from which information was copied, and believe possession of this alone is not enough to cause harm to our customers.
T-Mobile reports that they are continuing to investigate the claims and “have taken additional precautionary measures to further ensure our customers’ information and our systems are protected. ”
That may be all we hear for a while:
At this moment, we are unable to disclose additional information in order to protect the integrity of the investigation, but customers can be assured if there is any evidence that customer information has been compromised, we would inform those affected as quickly as possible.
Jeremy Kirk of IDG News Service apparently received the same press statement and adds a bit more detail on Computerworld.
Update 2: Well, maybe what they said did not convey to many of us what they hoped to convey. Now it appears that the document that was obtained was not obtained by a hack. See this post for for a much clearer statement from them.