TeqGo.com
No Result
View All Result
No Result
View All Result
TeqGo.com
No Result
View All Result
Home Computer

T-Mobile’s New Data Breach Shows Its $150 Million Security Investment Isn’t Cutting It

Staff by Staff
January 21, 2023
in Computer
0
T-Mobile's New Data Breach Shows Its $150 Million Security Investment Isn't Cutting It
465
SHARES
1.5k
VIEWS
Share on FacebookShare on Twitter


Yesterday, mobile giant T-Mobile said that it suffered a data breach beginning on November 26 that impacts 37 million current customers on both prepaid and postpay accounts. The company said in a US Securities and Exchange Commission filing that a “bad actor” manipulated one of the company’s application programming interfaces (APIs) to steal customers’ names, email addresses, phone numbers, billing addresses, dates of birth, account numbers, and service plan details. The initial intrusion occurred at the end of November, and T-Mobile discovered the activity on January 5.  

T-Mobile is one of the US’s largest mobile carriers and is estimated to have more than 100 million customers. But in the past 10 years, the company has developed a reputation for suffering repeated data breaches alongside other security incidents. The company had a mega breach in 2021, two breaches in 2020, one in 2019, and another in 2018. Most large companies struggle with digital security, and no one is immune to data breaches, but T-Mobile seems to be approaching companies like Yahoo in the pantheon of repeated compromises.

“I’m certainly disappointed to hear that, after as many breaches as they’ve had, they still haven’t been able to shore up their leaky ship,” says Chester Wisniewski, field chief technical officer of applied research at the security firm Sophos. “It is also concerning that the criminals were in T-Mobile’s system for more than a month before being discovered. This suggests T-Mobile’s defenses do not utilize modern security monitoring and threat hunting teams, as you might expect to find in a large enterprise like a mobile network operator.”

Because of limits on the API (an interface that facilitates communication between two software programs), the attacker did not gain access to Social Security numbers or tax IDs, driver’s license data, passwords and PINs, or financial information like payment card data. Such data has been compromised in other recent T-Mobile breaches, though, including one in August 2021. In July 2022, T-Mobile agreed to settle a class action suit about that breach in a deal that included $350 million to customers. At the time, the company also committed to a two-year, $150 million initiative to improve its digital security and data defenses.

T-Mobile, which did not respond to multiple requests for comment from WIRED, wrote in its SEC disclosure that in 2021, “We commenced a substantial multi-year investment working with leading external cybersecurity experts to enhance our cybersecurity capabilities and transform our approach to cybersecurity. We have made substantial progress to date, and protecting our customers’ data remains a top priority.”

It clearly hasn’t been enough, given the recent incident, which exposed data for roughly a third of the company’s US-based customers. 

“How many of these does T-Mobile have to have?” wondered Jake Williams, a longtime incident responder and an analyst at the Institute for Applied Network Security. “API security is just starting to be something people are really focusing on, which was a mistake. Detecting API abuse is not easy, especially if the threat actor is moving low and slow. I suspect there’s a large number of these in general that simply go undetected. But the bottom line is that T-Mobile’s API security clearly needs work. You shouldn’t be having mass API abuse for more than six weeks.”



Source link

Tags: phishingsecurityt-mobilevulnerabilities
Previous Post

How to Tell If Your Machine Learning Model Is Accurate

Next Post

15 Best Hair Gadgets In 2023

Next Post

15 Best Hair Gadgets In 2023

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended.

A Carbon Capture Company Wants to Sell Credits on Tech That Hasn’t Been Commercially Tested Yet

A Carbon Capture Company Wants to Sell Credits on Tech That Hasn’t Been Commercially Tested Yet

November 5, 2022
Smart Shop Floors

5 Benefits of Smart Shop Floors

August 26, 2022

Trending.

What happened to Andrew Humphrey on Channel 4 weather?

August 24, 2022

Why is Ben Bailey leaving WDIV?

August 24, 2022

Who is the new weather man on Channel 4 Detroit?

August 24, 2022

What is a 100000 year period called?

August 23, 2022

Who recently left WDIV?

August 24, 2022
  • About us
  • Contact Us
  • Home
  • Privacy Policy and Disclaimer

© 2021-2023 Teqgo.com

No Result
View All Result
  • About us
  • Contact Us
  • Home
  • Privacy Policy and Disclaimer

© 2021-2023 Teqgo.com