Incident Of The Week: T-Mobile Data Breach Impacts 2M Customers

Co. Details Cyber-Attack Impacting 3% Of Its Users


Dan Gunderman


In the dynamic world of cyber security, breaches are both tightly guarded and, sadly, imminent.

Combing through data, market research and threat-defense efforts taken by enterprises can be a daunting task. Here at Cyber Security Hub, we both track the latest industry news and make it more navigable for the IT professional. Cyber Security Hub coverage extends outwards – as it helps enterprises batten down their proverbial hatches.

In this edition of “Incident of the Week,” we examine a pervasive data breach at the telecommunications provider T-Mobile, affecting approximately 2 million customers.

In an advisory on its website, T-Mobile wrote: “Out of an abundance of caution, we wanted to let you know about an incident that we recently handled that may have impacted some of your personal information.

“On August 20, our cyber-security team discovered and shut down an unauthorized access to certain information…and we promptly reported it to authorities. None of your financial data (including credit card information) or social security numbers were involved, and no passwords were compromised.

“However, you should know that some of your personal information may have been exposed, which may have included one or more of the following: name, billing zip code, phone number, email address, account number and account type (prepaid or postpaid).”



The company has made itself available to customers who have questions about the incident. Further, it wrote: “We take the security of your information very seriously and have a number of safeguards in place to protect your personal information from unauthorized access. We truly regret that this incident occurred and are so sorry for any inconvenience this has caused you.”

According to an update on the story from Motherboard, T-Mobile reportedly told the outlet that “encrypted passwords” were included in the compromised data.

The Motherboard report also holds some other insights into the August cyber-attack.

A T-Mobile spokesperson told the site that the breach affected about 3% of its 77 million customers and happened “early in the morning on Aug. 20.” It’s believed that the hackers were a part of “an international group” and accessed company servers through an API that did not hold financial or very sensitive data.


This is not the first time that T-Mobile has fallen under threat-actor crossfire. In 2015, a breach impacting 15 million customers affected social security numbers. Motherboard also notes that in February, the company detected a bug in a T-Mobile site that would’ve allowed for account hijacking. The vulnerability was repaired before being exploited.

It also dealt with a SIM swapping event in October 2017, where nefarious actors were able to view personally identifiable information (PII) with just a phone number.

T-Mobile has also remained in the news cycle of late, due in part to a proposed merger with fellow mobile carrier, Sprint. (And perhaps that has drawn continued attention from nefarious cyber-actors.)

According to Ars Technica, lobby groups for small carriers are saying that T-Mobile’s proposed acquisition of Sprint would harm competitors and consumers.

A number of groups have filed petitions with the Federal Communications Commission (FCC) to block the merger.

As the carrier continues its crisis management over the data breach, it’s apparent that it will continue to stay at the forefront. From a cyber-attack perspective, that could hint at more anomalous behavior.
