Hacker breaks into Capgemini's system and uploads stolen data on a forum [Updated]

0comments
T-Mobile Capgemini breach
Update from September 17, 2024

We have been informed that the entity T-Mobile mentioned by the leaker is not the same as T-Mobile US. This means that the leak doesn't contain any data related to T-Mobile US.

The original story from September 16, 2024, continues below.


T-Mobile was involved in another data breach, this time at the hands of Capgemini, an information technology services and consulting company headquartered in Paris, France.

Capgemini boasts an impressive clients' roster and says that 85 percent of the companies on the Forbes Global 2000 list are its customers.



A cybercriminal who calls themselves "grep" claims to have broken into Capgemini's system and stolen 20GB of sensitive information, including databases, source code, credentials, and employee information, reports Cyber Insider.

T-Mobile's virtual machine logs, internal project files, and confidential information were also compromised during the data breach, which was first announced through a post on BreachForums. Samples provided by grep include SQL entries mentioning employee credentials and user permissions. The threat actor also siphoned off data on Capgemini employees.

A similar post was also made on a dark web forum, though it's not clear whether it was authored by grep.



Grep says that they could have stolen even more data, but decided to only go for big, confidential files.

Capgemini hasn't yet confirmed whether it was breached by hackers. Under the General Data Protection Regulation (GDPR), companies across the European Union, including France, must disclose data breaches within 72 hours of learning about them.

It's not known whether T-Mobile has been alerted about the break-in and how much of its data was compromised during the breach. While T-Mobile may not be held directly responsible for not doing enough to prevent the data leak, it's not going to be a good look for the company, which was fined $60 million earlier this year by the Committee on Foreign Investment in the United States (CFIUS) for not being able to prevent unaothorized access to sensitive data between August 2020 and June 2021 and not informing the committee about the issue promptly.

Meanwhile, customers awaiting a payout for the 2021 breach that impacted 76.6 million T-Mobile users will likely receive their share of the settlement fund as soon as matters delaying payments are officially resolved.
Create a free account and join our vibrant community
Register to enjoy the full PhoneArena experience. Here’s what you get with your PhoneArena account:
  • Access members-only articles
  • Join community discussions
  • Share your own device reviews
  • Build your personal phone library
Register For Free

Recommended Stories

Loading Comments...
FCC OKs Cingular\'s purchase of AT&T Wireless