100 Million User T-Mobile Breach? – Multiple Comments

By   ISBuzz Team
Writer , Information Security Buzz | Aug 17, 2021 02:20 am PST


T-Mobile confirmed Sunday that it is looking into an online forum post claiming to be selling personal data of 100,000mm customers. If you are planning to provide continuing coverage for this story, here are comments from several of our experts.

Notify of
8 Expert Comments
Oldest Most Voted
Inline Feedbacks
View all comments
Sascha Fahrbach
Sascha Fahrbach , Security Evangelist
August 17, 2021 3:03 pm

<p>This incident will be one of the largest and most serious data leaks compromising sensitive consumer information this year. What’s more, it confirms that T-Mobile is becoming ever more infamous in terms of its cybersecurity flaws.  This marks the second data leak for T-Mobile this year; in February, it suffered a massive SIM hijacking attack. To add to their woes, there were more breaches, five in the last four years. In each case, hackers were able to gain access to employee as well as customer data. Of course, no organization is impervious to attacks, but the frequency and scale of these cyber incidents do beg the question: how seriously is T-Mobile taking its cybersecurity?”</p>
<p>It is very likely that all the sensitive data that hackers have exfiltrated will now be weaponized in various forms to create advanced phishing attacks which will target victims. Our personal data has immense value to cybercriminals; they will use social security numbers, addresses and phone numbers to muster further attacks and gain more personal data, which can be used for more identity theft, financial fraud, and other damaging activities.</p>
<p>The attack seems to highlight once again that many organizations are still not able to reduce their attack surface and limit lateral movement once trusted systems and assets have been breached. Overall, companies need more segmentation to avoid their most vital data being taken. Utilizing a Zero Trust strategy would certainly be an advantage in this scenario, ensuring that segmentation and authentication remain razor tight.</p>
<p>T-Mobile needs to adopt many lessons, the chief of which is that holistic security needs an engaged workforce on all levels. It will not be simply a matter of hiring a CISO but ensuring that proper procedures and tools are implemented across the organization, including its third-party suppliers and contractors. Zero Trust needs to lead the way here if consumer and investor confidence is ever to return.”</p>

Last edited 2 years ago by Sascha Fahrbach
Christos Betsios
Christos Betsios , Cyber Operations Officer
August 17, 2021 2:39 pm

<div dir=\"ltr\">
<p>Now that T-Mobile has confirmed this incident, it needs to work round the clock to identify who has been affected and what data has been accessed. The longer this process takes, the more time attackers have with this information to commit more crimes. While there can be no denying that data breaches are commonplace today, you would hope a company as large as T-Mobile would learn from previous incidents to harden its systems and improve security. Reports have suggested the company has already been impacted by as many as six separate data breaches, this raises alarm bells and highlights that the company’s security program has a number of flaws that need to be fixed.</p>

Last edited 2 years ago by Christos Betsios
Garret F. Grajek
August 17, 2021 10:29 am

<p>Enterprise needs to be aware that hackers are constantly scanning our sites and resources for weaknesses. Zero Day threats are real – where hackers are identifying known and unknown weaknesses.   Thus, we have to be cognitive of the attacker \"cyber kill chain\" – where attackers step through a process of reconnaissance, intrusion, exploitation – which eventually leads to privilege escalation and lateral movement across the enterprise in search of data like this T-mobile data. Enterprises should focus upon their current access policies and triggers on changes to identities in key groups to harden IT system security.</p>

Last edited 2 years ago by Garret F. Grajek
Tom Garrubba
Tom Garrubba , Senior Director and CISO
August 17, 2021 10:28 am

<p>We are seeing these RaaS organizations becoming increasingly bold in their ransom efforts, and it appears (according to the Motherboard report) that the seller claimed they’ve “lost access to the backdoored servers,\" indicating they’ve been detected. This poses the question: what techniques does T-Mobile (or any other organization, for that matter) require to prevent threat actors from coming through the “back door”?  While threat actors need only to be successful once in compromising data, organizations need to be on their toes constantly and must consistently revisit their tools and techniques to ensure they’re covering all exposure points to their crown jewels – their customer or proprietary data.</p>

Last edited 2 years ago by Tom Garrubba
Ron Bradley
August 17, 2021 10:26 am

<p>The sad reality is, there are very few of us that haven\’t had our personal information compromised (likely multiple times).  It\’s incumbent upon all consumers to take basic steps to protect themselves such as freezing their credit, using password managers, creating at least one throwaway email address, and being on the lookout for techniques such as SIM swapping (particularly in the case of T-Mobile users).</p>

Last edited 2 years ago by Ron Bradley

Recent Posts

Would love your thoughts, please comment.x