A malicious hacker penetrated the network of mobile phone company T-Mobile USA and accessed information on 400 of the company's customers, including sensitive information from the account of a U.S. Secret Service agent, according to statements by T-Mobile and the Secret Service.
In an e-mail statement, the Bellevue, Washington, mobile carrier acknowledged that Nicholas Jacobsen, a California-based hacker, compromised its internal computer systems in 2003 and viewed the Social Security numbers of 400 customers. A Grand Jury in California charged Jacobsen with one count of unauthorized impairment of a protected computer and one count of unauthorized access to a protected computer, according to a copy of the indictment.
Included among the customers was a U.S. Secret Service agent who had agency materials linked to Secret Service investigations stored on T-Mobile systems. That information was obtained by Jacobsen, but did not compromise any ongoing work, according to Secret Service spokesman Jonathan Cherry.
The unnamed Secret Service agent violated rules that forbid sensitive documents from being copied to other computer systems, Cherry said. He would not comment on whether the agent would be punished for the breach of policy.
The statement from T-Mobile, which is now part of Deutsche Telekom AG, shed some light on published allegations that Jacobsen used his access to T-Mobile to explore the accounts of members, including the U.S. Secret Service employee and celebrity cell phone accounts that stored snapshots taken on T-Mobile phones.
The company said that Jacobsen is believed to be involved in other attempts to gain access to customer information and that it is cooperating with the Secret Service in investigating those allegations, including allegations about access to customer photos.
T-Mobile claims that it discovered the intrusion on its network in Oct. 2003, then reported it to the U.S. Secret Service. After launching an investigation into the hack, the Secret Service found that its own agent was a victim of information theft, and contacted T-Mobile about the leak of sensitive documents over its network in 2004, according to Kyle Warnick, a company spokesman.
The Secret Service could not comment on published reports that an informant alerted agents that sensitive documents were circulating on the hacker underground, Cherry said.
Customers whose accounts were accessed by Jacobsen were notified in writing about the breach, in accordance with California law, in early 2004, but only after the company received clearance from the Secret Service. T-Mobile is unaware of any problems with those accounts stemming from the hack.
Safeguarding customer information is a top priority for T-Mobile, the company said.