The mobile phone provider said Wednesday that it discovered the breach in late 2003 and immediately took steps to lock out the intruder. A subsequent investigation found that the unidentified person had accessed the name and Social Security numbers of 400 T-Mobile customers. The customers were notified in writing of the incident, the company said.
"We immediately notified the United States Secret Service and asked it to investigate this incident and to find the hacker," T-Mobile said in the statement provided to CNET News.com.
The incident, first reported by online security information site SecurityFocus, came to light after 21-year-old Nicolas Jacobsen was charged with the crime. A grand jury indictment charges Jacobsen with two counts of violating the U.S. Computer Fraud and Abuse Act, but does not name the victim.
However, T-Mobile's statement leaves questions. While the mobile-phone service claimed to have locked out the intruder in late 2003, the indictment states that the network trespass for which Jacobsen is being charged happened between March 15, 2004, and Oct. 26, 2004.
The SecurityFocus report also points to several pictures that have appeared on the Internet, which apparently were stolen from the accounts of celebrities.
T-Mobile did not immediately comment on the discrepancies, but in its statement it hinted that its network may have fallen prey to the same hacker.
"This same person is also believed to be involved in other attempts to gain unauthorized access to customer information," the company said. "The Secret Service is investigating these allegations, and T-Mobile is cooperating to the fullest extent, including with regard to the allegations that customer photos have been subject to unauthorized access."
