Experts Insight On Hacker Accessed T-Mobile Employee Email Accounts And User Data

T-Mobile recently announced a security breach affecting its employees and customers. According to the data breach notification published on the company’s website, the breach occurred due to an “attack” against its email vendor. The hacker(s) were able to access some T-Mobile employee email accounts, which contained T-Mobile account information belonging to various customers and employees, such as:

  • Names
  • Addresses
  • Phone numbers
  • Account numbers
  • Rate plans and features
  • Billing information

Experts Comments

March 06, 2020
Ilia Kolochenko
Founder and CEO
ImmuniWeb
In light of the obscure circumstances and clouded scope of the reported breach, it would be premature to assess the overall damage or speculate about the eventual consequences. For the time being, T-Mobile's public response seems to be adequately adapted to the nature of the breach, aimed at minimizing damage and protecting potential victims. This does not, however, shield T-Mobile from individual lawsuits and class actions from the victims, but will likely minimize any penalties that regulators may impose. The victims will likely have to prove negligence or another relatively complicated legal basis to successfully sue, and most importantly, will have to establish their damages or seek an applicable statute that may quantify compensation. This security incident highlights the wide spectrum of critical risks stemming from third-party vendors and suppliers. Worse, such incidents are infrequently discovered given their complexity and lack of visibility. Most organizations merely rely on vendor SAQ and paper questionnaires without ascertaining that security controls are properly put in place. Obviously, this omnipresent practice is largely dictated by economic practicality; however, another solution that would balance the financial burden and risk mitigation is urgently required.
March 06, 2020
Wade Woolwine
Principal Security Researcher
Rapid7
When organizations consider outsourcing or SaaS’ing traditional enterprise IT services, like email, special considerations need to be made for threat monitoring. Not only must the outsourced service or technology integrate with your existing logging and monitoring initiatives, but you may need to consider a new set of attack vectors to monitor for. In the case of outsourcing email to a SaaS provider, adding a layer of user behaviour analytics to detect brute force attacks, authentications from unusual geographies, and simultaneous authentications from different geographies will address some of the new threats you might experience in the transition. Lastly, in the event you must outsource the storage or transport of extremely sensitive data, additional measures for access control (like network ACLs, VPNs, multi-factor authentication) and data encryption can help mitigate any breaches that may occur.
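The three detections named in the comment above (brute force, authentication from an unusual geography, near-simultaneous authentications from different geographies), sketched over SaaS email sign-in events. This is an added example, not code from the article or from any vendor mentioned; the event fields, per-user country baseline, and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events: (timestamp, user, country, success)
EVENTS = [
    ("2020-03-06T09:00:00", "alice", "US", True),
    ("2020-03-06T09:01:00", "bob", "US", False),
    ("2020-03-06T09:01:20", "bob", "US", False),
    ("2020-03-06T09:01:40", "bob", "US", False),
    ("2020-03-06T09:02:00", "bob", "US", False),
    ("2020-03-06T09:02:20", "bob", "US", False),
    ("2020-03-06T09:30:00", "alice", "RO", True),
    ("2020-03-06T14:00:00", "carol", "BR", True),
]
# Assumed baseline: countries each user normally signs in from.
BASELINE = {"alice": {"US"}, "bob": {"US"}, "carol": {"US", "CA"}}

def detect(events, baseline, fail_threshold=5,
           fail_window=timedelta(minutes=5),
           geo_window=timedelta(hours=1)):
    """Return (rule, user, timestamp) alerts for the three behaviours."""
    alerts = []
    fails = defaultdict(list)   # user -> recent failure times
    last_ok = {}                # user -> (time, country) of last success
    for ts, user, country, ok in sorted(events):
        t = datetime.fromisoformat(ts)
        if not ok:
            # Sliding window of failures; alert once when threshold is hit.
            recent = [x for x in fails[user] if t - x <= fail_window] + [t]
            fails[user] = recent
            if len(recent) == fail_threshold:
                alerts.append(("brute_force", user, ts))
            continue
        # Successful sign-in from a country outside the user's baseline.
        if country not in baseline.get(user, set()):
            alerts.append(("unusual_geo", user, ts))
        # Two successes from different countries inside geo_window.
        prev = last_ok.get(user)
        if prev and prev[1] != country and t - prev[0] <= geo_window:
            alerts.append(("simultaneous_geo", user, ts))
        last_ok[user] = (t, country)
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS, BASELINE):
        print(alert)
```
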
March 06, 2020
Peter Goldstein
CTO and Co-founder
Valimail
In an era when BEC attacks are proving to be a highly popular and effective attack method, these types of incidents are unfortunately far too common. T-Mobile’s breach is a clear example of how hackers can obtain a wealth of sensitive information just by compromising email accounts. With access to a plethora of personal data on past and current customers and employees, hackers can potentially trade this data for profit in dark web marketplaces, or use it to commit account takeover, identity theft, or other scams. In fact, phishing campaigns often follow hot on the heels of breaches like this. Leveraging the compromised data, the malicious actor could target customers with extremely convincing phishing emails that appear to come from the breached company in order to harvest more sensitive information from them. As phish become increasingly hard to identify, sender identity-based email security solutions are a powerful defense that can help thwart these attacks at their source.