The letter does not mention T-Mobile contacting law enforcement or hiring a third-party forensics firm, which is customary in these cases. T-Mobile reset users’ PINs and provided two years of not paying credit monitoring and identity theft services. Full names, contact information, accounts and (phone numbers, T-Mobile account PINs, Social Security numbers, government IDs, dates of birth, balance due, and internal codes used by T-Mobile to service) client accounts were stolen. T-Mobile’s April 28 letter to affected customers, defined the breach as a bad actor obtaining access to a small number of consumers’ data between late February and March. reported its eighth data breach since 2018, affecting fewer than 1,000 users instead of 37 million in the latest hack. That period of time would have been significantly shorter if automation had been used. The agreement stipulated that $150 million would be used to improve data security while $350 million would go toward a settlement fund.Īccording to Dror Liwer, co-founder of the cybersecurity firm Coro Security Ltd., “this incident highlights the need for smart automation when it comes to containment and remediation of data breaches.” “T-Mobile put safeguards in place to warn them of unauthorized activity, but the attacker had access to the information for a month,” said the company. ![]() In April 2022, Lapsus$ also gained access to T-Mobile’s internal systems.Īs a result of the breach in August 2021, T-Mobile consented to pay $500 million to resolve a class action lawsuit in July. Prepaid customer data was stolen in November 2019, employee and customer data was stolen in March 2021, and 2 million customer details were stolen in August 2018. Previous T-Mobile hacks include the theft of 48 million records in August 2021 and the theft of 2 million customer records in August 2018. The theft began on or around November 25 and wasn’t discovered until January 5. In the breach that was previously revealed in January, 37 million customer records, including personally identifiable information, were stolen. It’s the latest in a string of data breaches at T-Mobile. To its credit, the business continues to remain ahead of malicious actors we must continue to improve our measures to prevent unwanted access like this. T-Mobile mentions twice in the letter that it takes these problems seriously, but considering the company’s history of hacking, this is a highly speculative statement. Nevertheless, the corporation undoubtedly already has a third-party firm on hand, and the most recent breach may have been simply added to earlier investigations. The letter makes no mention of T-Mobile getting in touch with law authorities or employing a third-party forensics company, which is often the case in similar situations. No call records or financial account information were impacted.Ĭustomers who were impacted have had their PINs reset by T-Mobile, and they are also being given additional two years of free credit monitoring and identity theft services. The information obtained includes complete names, contact details, account numbers, and associated phone numbers, T-Mobile account PINs, Social Security numbers, government-issued IDs, dates of birth, balance due, and internal codes used by T-Mobile to service client accounts. T-Mobile is alerting customers of a second data breach since the start of the year after discovering that attackers had access to some customers' personal information for more than a month, starting late February 2023 – - BleepingComputer May 1, 2023
0 Comments
Leave a Reply. |