T-Mobile data breach
6/23/2023

In an email overnight, T-Mobile shared details about the data breach it confirmed Monday afternoon. Assorted data from more than 48 million people was compromised, and while that’s less than the 100 million that the hacker had initially advertised, the vast majority of those affected turn out not to be current T-Mobile customers at all. Instead, T-Mobile says that of the people whose data was compromised, more than 40 million are former or prospective customers who had applied for credit with the carrier. Another 7.8 million are current “postpaid” customers, which just means T-Mobile customers who get billed at the end of each month. Those roughly 48 million users had their full names, dates of birth, social security numbers, and driver’s license information stolen. An additional 850,000 prepaid customers, who fund their accounts in advance, had their names, phone numbers, and PINs exposed. The investigation is ongoing, which means that the tally may not stop there.

There’s no good news here, but the slightly less bad news is that the vast majority of customers appear not to have had their phone numbers, account numbers, PINs, passwords, or financial information taken in the breach. The bigger question, though, is whether T-Mobile really needed to hold on to such sensitive information from 40 million people with whom it doesn’t currently do business. Or if the company was going to stockpile that data, why it didn’t take better precautions to protect it.

Instead, T-Mobile says it will rely on proactive outreach to victims. The carrier didn’t respond to an inquiry from WIRED as to what if any specific plans it had for that communication, and what specific information they’ll be sharing with people whose data was compromised. Even sharing something as simple as a timetable would help, LaCour says, so that people could know they’re in the clear if they haven’t been a T-Mobile customer for a certain number of years.

In the meantime, if you’re a current T-Mobile customer you should go ahead and change your PIN and password; you can do so from your T-Mobile account online. You should take the free two years of ID monitoring, although it’s not yet clear how that will work in practice. You should start using app-based two-factor authentication wherever possible, rather than receiving those codes by text. For a more extreme but still prudent precaution, you can contact the three major credit bureaus and request a freeze on your credit report, which would stop anyone from accessing it or opening new accounts in your name.

Because the US lacks a comprehensive cybersecurity law, agencies like the Federal Communications Commission and Federal Trade Commission have limited ways to apply pressure, says Seton Hall’s Opderbeck, although the incident has already attracted FCC scrutiny. “Telecommunications companies have a duty to protect their customers’ information,” an agency spokesperson said in an emailed statement. “The FCC is aware of reports of a data breach affecting T-Mobile customers and we are investigating.”

If T-Mobile does face repercussions for the breach, its sixth in four years, it would more likely come from a class action lawsuit. Opderbeck says that his research has shown more than 30 data breach settlements in the last few years that resulted in a small cash payout and free credit monitoring as restitution. And Keller notes that even the class action route may be difficult to travel, because of a clause in T-Mobile contracts that can force customers into arbitration.

How hackers stole the personal data of 37 million T-Mobile customers

The criminals took advantage of an API to grab personal details such as customer names, billing addresses, email addresses, phone numbers, dates of birth, and T-Mobile account numbers.

T-Mobile and millions of its customers have been the victims of another data breach - this one apparently carried out by hackers who knew how to exploit an application programming interface used by the carrier. 19, T-Mobile revealed the breach in a filing with the U.S. Securities and Exchange Commission, noting that the impacted API provided the hackers with names, billing addresses, email addresses, phone numbers, dates of birth, T-Mobile account numbers, and plan features for 37 million current postpaid and prepaid customers.

In its filing, the company didn’t name the API that was affected or explain how the hackers were able to exploit it. Fortunately, the API did not leak other personal data such as payment card numbers, Social Security numbers, driver’s license numbers, passwords, or PINs, according to T-Mobile.