T-Mobile Data Breach: What Happened and What We Do Next.

Telecommunications company T-Mobile reported Monday that they are investigating the specifics of a data breach that hackers claim may have leaked the personally identifiable information (PII) of over 100 million customers. The majority of the data is said to contain social security numbers, addresses, dates of birth, security PINs, and other sensitive information unique to many of their US customers.

Vice.com originally broke the news on Sunday night, alerting millions of T-Mobile customers that their information may have been leaked. A T-Mobile spokesperson had this to add on the recent development: “We are aware of claims made in an underground forum and have been actively investigating their validity. We do not have any additional information to share at this time.”

When asked about what they have been doing internally in response to the breach, T-Mobile had this to add: “We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed. This investigation will take some time but we are working with the highest degree of urgency. Until we have completed this assessment, we cannot confirm the reported number of records affected or the validity of statements made by others.”

How did we get here?

Reports show that this investigation began after a Twitter user @und0xxed started tweeting details about the breach. This user has confirmed that they were not involved in the operation to steal the information but were instead charged with finding buyers for the stolen T-Mobile data. This user disclosed that the hackers had found an opening in T-Mobile’s network that granted access to two T-Mobile customer data centers. From there the assailants worked to exfiltrate the data and made a ransom demand of 6 bitcoins or roughly $275,000 USD in exchange for 30 million social security numbers they had stolen.

What does this mean?

A large amount of the information breached was already widely available. Much of the personally identifiable information harvested can be found on numerous public records sites. This, coupled with the reality that most people’s data may have been leaked previously without their knowledge, signals that this breach may not be as damning as first expected. However, although this information may have been available before, threat actors now have a database that connects these records together, so the damage could be much greater.

Wireless customers across the U.S. will have to be hypervigilant in the coming months and should expect to receive an onslaught of phishing campaigns. This tying together of data and records will allow hackers to craft highly sophisticated phishing messages that will be much more believable than previous attempts. Names and phone numbers are easy to find, but when that information is tied together with addresses and your unique mobile provider, threat actors can create the perfect message to convince you to click on that link.

What is the solution?

Recent data breaches like this have begun to numb the public to their data being disclosed online. Admittedly, most of your sensitive data is already available to hackers across the world. However, there are still plenty of steps you can take to protect yourself, or at least limit the ramifications if your data was stolen.

First, all T-Mobile customers should immediately change their T-Mobile security PIN and password. Usually, companies that have been affected by data breaches offer some sort of free credit monitoring to victims of the attacks. Be sure to keep a lookout for any communications from your mobile provider regarding these services. Additionally, users can go to https://haveibeenpwned.com/ to see if they are the victim of any previous data breaches.

Other great steps to help mitigate your risk from data breaches online are: installing a password manager to generate strong and unique passwords for all the websites you use, enabling multi-factor authentication whenever possible to reduce the likelihood of one password or code granting immediate access to an account, and carefully checking your emails for any signs of phishing or other spam attempts. As always, if the link looks too good to be true, do not click on it.

How Can Netizen Help?

Netizen ensures that security gets built-in and not bolted-on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service,” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Questions or concerns? Feel free to reach out to us any time – https://www.netizen.net/contact
