T-Mobile validated hacking news: Investigation ongoing for customer data breach
Hacking and data breaches are no longer surprising news, and major brands like T-Mobile are no exception. Many dark web forums are known for hosting leaked information and data that was never meant to be there. One such forum post claimed to be selling a large amount of personal data from T-Mobile servers. The post was guarded and did not mention T-Mobile directly, but according to Vice, the seller was in contact with Motherboard and told them the data came from T-Mobile servers and covered 100 million people. It is a matter of concern nonetheless.
Bitglass CTO Anurag Kahol said, "It's concerning when it takes an organisation months, or even years, to recognise that a misconfigured server has enabled a breach or a leak." He added, "The details are hazy, and it's not clear when the data may have been accessed." A company as large as T-Mobile has a lot of functionality running under the radar, and a single breach may go unnoticed. Accidents are common, but what made headlines here was that the access stayed open long enough, without a fix, to extract the data of millions of customers. The company has a reputable mobile communications business and is a leading global brand. The Czech Republic, the Netherlands, the US and Poland are also served by the German-based telecommunications company Deutsche Telekom AG.
The stolen data included social security numbers, driver's license information, IMEI numbers, phone numbers, physical addresses and other personal information. Motherboard was able to view a sample of the stolen data and confirmed that it belonged to T-Mobile customers. T-Mobile said that they "are aware of claims made in an underground forum and have been actively investigating their validity." They also said, "We do not have any additional information to share at this time." Follow-up questions on the subject were declined. Multiple T-Mobile servers were compromised, leaking sensitive customer information, but the seller denied that it was directly customer information.
Richard Orange, Vice President of EMEA at Digital Guardian, said, "It is worrying that companies such as T-Mobile continue to suffer these data breaches when they stand to face such a significant fine and reputational damage. T-Mobile now must thoroughly investigate what led to the breach, then build a remediation strategy that can help to avoid those same pitfalls in the future."
The hacker or hacker group responsible asked for 6 bitcoins, equivalent to $270,000, as a ransom for the data of 30 million customers, which contains SSNs and driver's licenses. The rest of the data is being sold privately to different buyers, which shows that the hackers were not just targeting a company. Money was their primary target, and they are cashing out with as much data as possible. After the server intrusion was fixed, the hackers said, "I think they already found out because we lost access to backdoored servers." Although T-Mobile had locked them out of its servers, the hackers said that they had already collected the data locally and "It's backed up in multiple places."
T-Mobile said they do not have additional information to share currently, but they are investigating the issue. The company has suffered multiple data breaches over the years, and T-Mobile has no idea when the latest breach started in the first place. That is a matter of concern, because companies as vast as T-Mobile hold large amounts of customer data and sensitive information.
Anurag Kahol said, "Even smaller companies with limited IT resources must ensure that they are properly securing data. Companies - of all shapes and sizes - must realize that the implications of failing to invest in their cybersecurity readiness are widespread, posing major threats to data security, data subject wellbeing, regulatory compliance, and brand reputation." On another note, Richard said, "Cybersecurity programs should ensure that emphasis is placed on the security of the data itself – and not just on networks, servers and applications. Shifting the focus towards identifying, controlling and securing sensitive data assets may not prevent a cyber breach, but it will minimise data loss."