It seems like the famous American telco T-Mobile is cursed to suffer constant security incidents. After sustaining a data breach in February 2021, T-Mobile recently announced that it is investigating an unauthorized intrusion that could have allowed access to its user data that is otherwise inaccessible.
In an official statement, the telco said, “We have been working around the clock to investigate claims being made that T-Mobile data may have been illegally accessed. We take the protection of our customers very seriously, and we are conducting an extensive analysis alongside digital forensic experts to understand the validity of these claims. We are coordinating with law enforcement.”
While T-Mobile did not reveal the details about the kind of data breached or the number of affected users, a report claimed that attackers obtained sensitive information related to over 100 million users from T-Mobile servers. The accessed information includes customers’ names, contact details, social security numbers, addresses, IMEI numbers, and driver license details. Threat actors are allegedly selling the obtained data on darknet forums and asking for Bitcoins.
However, T-Mobile stated it has not yet determined whether any customer data has been exposed. “We are confident that the entry point used to gain access has been closed, and we are continuing our in-depth technical review of the situation across our systems to identify the nature of any data that was illegally accessed. This investigation will take some time, but we are working with the highest degree of urgency. Until we have completed this assessment, we cannot confirm the reported number of records affected or the validity of statements made by others,” T-Mobile added.
An Act of Revenge
Alon Gal, the CTO of cybercrime intelligence firm Hudson Rock, claimed that attackers performed this leak to cause damage to the U.S. critical infrastructure.
— Alon Gal (Under the Breach) 🦇🔊 (@UnderTheBreach) August 15, 2021
Customers of T-Mobile services, who are concerned about their private data being vulnerable, can apply the following security measures to prevent potential cyberthreats:
- Monitor all your accounts to find any unauthorized/fraudulent activity. Don’t forget to report if you find any suspicious activity.
- Use a credit monitoring service to ensure data privacy.
- Do not respond to suspicious emails/messages received from unknown sources.
- Change passwords of all your online accounts.
Data breaches can result in loss of trust among customers and impact the brand value of a business. Hence, paramount security is critical in ensuring the protection of confidential data.