INSUBCONTINENT EXCLUSIVE:
T-Mobile has confirmed a data breach affecting more than a million of its customers, whose personal data (but no financial or password
data) was exposed to a malicious actor
The company alerted the affected customers but did not provide many details in its official account of the hack.
The company said in its
disclosure to affected users that its security team had shut down &malicious, unauthorized access& to prepaid data customers
The data exposed appears to have been:
Name
Billing address
Phone number
Account number
Rate, plan and calling features (such as paying for
international calls)
The latter data is considered &customer proprietary network information& and under telecoms regulations they are
required to notify customers if it is leaked
The implication seems to be that they might not have done so otherwise
Of course some hacks, even hacks of historic magnitude, go undisclosed sometimes for years.
In this case, however, it seems that T-Mobile
has disclosed the hack in a fairly prompt manner, though it provided very few details
When I asked, a T-Mobile representative indicated that &less than 1.5 percent& of customers were affected, which of the company
approximately 75 million users adds up to somewhat over a million.
The company reports that &we take the security of your information very
seriously,& a canard we&ve asked companies to stop saying in these situations.
Stop saying, ‘We take your privacy and security
seriously&
The T-Mobile representative stated that the attack was discovered in early November and shut down &immediately.& They did not
answer other questions I asked, such as whether it was on a public-facing or internal website or database, how long the data was exposed and
what specifically the company had done to rectify the problem.
The data listed above is not necessarily highly damaging on its own, but it
the kind of data with which someone might attempt to steal your identity or take over your account
Account hijacking is a fairly common tactic among cyber-ne&er-do-wells these days and it helps to have details like the target plan, home
address and so on at one fingertips.
If you&re a T-Mobile customer, it may be a good idea to change your password there and check up on your
account details.
Cybersecurity 101: Seven simple security guides for protecting your privacy
