Tag Archive for: Numbers

Hackers steal even more Social Security numbers. How should you protect yourself?

/in


FILE - This Wednesday, Oct. 14, 2015, file photo shows a T-Mobile store in New York. A federal indictment accuses Huawei of stealing trade secrets from T-Mobile, in the form of a robot designed to automatically test phones for problems. (AP Photo/Richard Drew, File)

T-Mobile disclosed Friday that about 5 million more customers’ personal data was exposed in a recent breach than it previously estimated. (Associated Press / Richard Drew)

Another day, another massive data breach claimed by hackers. Days after a breach at T-Mobile exposed about 53 million people’s personal information, a hacking group known as ShinyHunters announced that it was auctioning 70 million sets of sensitive data purportedly stolen from AT&T.

The information offered for sale was similar in both breaches, including full names, addresses, birth dates and Social Security numbers. In short, it’s the foundation for identity theft.

AT&T responded Friday by casting doubt about the claim by the prolific ShinyHunters cabal, stating that “[b]ased on our investigation today, the information that appeared in an internet chat room does not appear to have come from our systems.”

Regardless of where the data came from, though, if it’s valid it could be a nightmare for anyone whose sensitive information is exposed. Here’s a quick guide to the risks you may face and some of the things you can do to protect yourself.

What are the risks?

Social Security numbers are widely used by the federal government, banks, investment companies, government benefit programs and insurers to verify your identity. Your stolen Social Security number can be used to open fraudulent credit card accounts, divert or fraudulently collect benefits and commit workplace fraud, among other forms of deceit. Throw in your name, birth date and email address (which the ShinyHunters claim to have stolen too), and it’s significantly easier for someone to pretend to be you.

Identity thieves could use that information to target both you and the banks, insurers and other companies you do business with. For example, they could use it to make phishing emails seem more realistic, helping to persuade you to give up additional sensitive information such as a password or personal identification number (PIN). Or they could use it to dupe your bank into letting them change the password on your account, giving them access to your money.

The T-Mobile breach also exposed the phone numbers, device identifiers and SIM-card numbers…

Source…

Mint Mobile data breach allows hackers to port phone numbers: Report

/in


San Francisco, July 11 : US-based telecommunication company Mint Mobile has revealed the company became a victim of a data breach that allowed several phone numbers to be ported out to another carrier, along with possible access to subscriber data.

An email sent on Saturday to affected customers by Mint Mobile disclosed there was a breach of the carrier’s systems.

The breach, which occurred between June 8 and June 10, reveals a “very small number of Mint Mobile subscribers’ phone numbers were affected by the incident”, reports AppleInsider.

According to Mint Mobile, which sells mobile phone services and operates as an MVNO on T-Mobile’s cellular network, phone numbers associated with the accounts were “temporarily ported to another carrier without permission”, a media report said.

The company also admits the attacker may have gained access to some account information, including names, numbers, email addresses, passwords and account numbers.

The attack on the carrier is the latest to demonstrate the need for high security for customer-facing support systems.

In late June, Microsoft confirmed that the hacking group thought to be behind the SolarWinds breaches used a compromised customer service agent’s computer to steal information, and data later used to attack Microsoft’s customers. (IANS)

Source…

Mint Mobile hit by a data breach after numbers ported, data accessed

/in


Mint Mobile

Mint Mobile has disclosed a data breach after an unauthorized person gained access to subscribers’ account information and ported phone numbers to another carrier.

According to the data breach notification email sent to affected subscribers this weekend, between June 8th and June 10th, a threat actor ported the phone numbers for a “small” number of Mint Mobile subscribers to another carrier without uthorization.

In addition to the ported number, Mint Mobile disclosed that an unauthorized person also potentially accessed subscribers’ personal information, including call history, names, addresses, emails, and passwords.

“Between June 8, 2021 and June 10, 2021, a very small number of Mint Mobile subscribers’ phone numbers, including yours, were temporarily ported to another carrier without permission,” Mint Mobile disclosed.

“While we immediately took steps to reverse the process and restore your service, an unauthorized individual potentially gained access to some of your information, which may have included your name, address, telephone number, email address, password, bill amount, international call detail information, telephone number, account number, and subscription features.”

Mint Mobile data breach notification
Mint Mobile data breach notification
Source: Reddit

While Mint Mobile has not said how the threat actor gained access to subscribers’ information, based on the accessed data, it is likely that hackers hacked user accounts or compromised a Mint Mobile application used to manage customers.

As the threat actors may have gained access to your Mint Mobile password, it is strongly advised that you change your password on your account.

Furthermore, threat actors could have used the ported number additional attacks, such as phishing, or to gain access to 2-factor authentication codes sent via text message.

Due to this, Mint Mobile is warning affected users to “protect other accounts that use your phone number for validation purposes and to reset account passwords.”

USCellular disclosed a similar attack in January after threat actors scammed employees into download software that provided remote access to the company’s devices.

Using this remote access, the hackers used customer relationship management (CRM)…

Source…

Home addresses, social security numbers & sensitive medical data on 500,000 French patients leaked online after hack – reports — RT World News

/in


Sensitive medical records on nearly 500,000 patients in France have been stolen in a major cyber attack on dozens of healthcare labs, landing online after an alleged dispute between the hackers, according to media reports.

A file containing names and contact details on 491,840 people has made the rounds online since at least earlier this month, according to French cybersecurity journalist Damien Bancal, who runs the Zataz blog. The data includes home addresses, phone numbers, emails, social security numbers and other sensitive medical information pertaining to medications, pregnancy and diseases such as HIV.

While Bancal first noted the hack in a February 14 blog post, AFP and the French daily Liberation followed up more recently, with the latter finding the data was likely stolen from roughly 30 medical labs located around northwestern France.

“We can find this file in seven different places on the internet,” Bancal told AFP on Tuesday, adding that although hackers initially negotiated for the data through a Telegram chat, the stolen material was later released for free after a dispute among the blackhatters.  

Data on 500,000 people is already huge and nothing prevents me from thinking that the hackers still have a lot more.



Also on rt.com
Hackers threaten to leak massive trove of ‘before & after’ plastic surgery photos, warn they’re ‘not a pleasant sight’


Though AFP’s requests for comment to French authorities have so far gone unanswered, Bancal observed that the country’s CERT cyber crime agency appears to have acknowledged the breach earlier this month. The outfit posted a notice to the website of the French Ministry of Health warning that login credentials for up to 50,000 “hospital center agents” had been swiped and put up for sale on February 4, adding that while “it is difficult to precisely describe the origin of this leak,” it could allow hackers to access healthcare networks. 

Bancal also claims to have personally contacted one of the people still attempting to sell the purloined records through the online blackmarket. He said the person asked for “at least…

Source…