A T-Mobile spokesman said on Tuesday that data someone posted to a security e-mail list over the weekend was legitimate T-Mobile data but not customer information, and that the phone company's network was not hacked or breached as the poster claimed.
The statement raises more questions than it answers. If indeed there was no network hack, could there have been an inside leak? Or could it have been something as low-tech as dumpster diving, in which records are obtained from trash bins outside a company's offices?
All T-Mobile would say is that it is investigating how the information was obtained.
On Saturday, someone posted to the Full Disclosure e-mail list claiming to have hacked into T-Mobile's computer network.
"We have everything, their databases, confidential documents, scripts and programs from their servers, financial documents up to 2009," the poster wrote, adding that the data was being offered up to the highest bidder. As evidence of the hack the post included a bunch of lines of codes that look like they reference some operating systems and possibly IP addresses.
T-Mobile said the data is not customer data, but declined to say what it is. On Monday, T-Mobile said it was investigating the situation.
Then late on Monday, the company issued a statement that said: "Regarding the recent claim on a Web site, we've identified the document from which information was copied, and believe possession of this alone is not enough to cause harm to our customers."
On Tuesday, T-Mobile issued an updated statement that removed that wording and added: "The company is conducting a thorough investigation and at this time has found no evidence that customer information, or other company information, has been compromised. Reports to the contrary are inaccurate and should be corrected."