Tag Archive for: TMobile’s

T-Mobile’s New Data Breach Shows Its $150 Million Security Investment Isn’t Cutting It


Yesterday, mobile giant T-Mobile said that it suffered a data breach beginning on November 26 that impacts 37 million current customers on both prepaid and postpay accounts. The company said in a US Securities and Exchange Commission filing that a “bad actor” manipulated one of the company’s application programming interfaces (APIs) to steal customers’ names, email addresses, phone numbers, billing addresses, dates of birth, account numbers, and service plan details. The initial intrusion occurred at the end of November, and T-Mobile discovered the activity on January 5.  

T-Mobile is one of the US’s largest mobile carriers and is estimated to have more than 100 million customers. But in the past 10 years, the company has developed a reputation for suffering repeated data breaches alongside other security incidents. The company had a mega breach in 2021, two breaches in 2020, one in 2019, and another in 2018. Most large companies struggle with digital security, and no one is immune to data breaches, but T-Mobile seems to be approaching companies like Yahoo in the pantheon of repeated compromises.

“I’m certainly disappointed to hear that, after as many breaches as they’ve had, they still haven’t been able to shore up their leaky ship,” says Chester Wisniewski, field chief technical officer of applied research at the security firm Sophos. “It is also concerning that the criminals were in T-Mobile’s system for more than a month before being discovered. This suggests T-Mobile’s defenses do not utilize modern security monitoring and threat hunting teams, as you might expect to find in a large enterprise like a mobile network operator.”

Because of limits on the API (an interface that facilitates communication between two software programs), the attacker did not gain access to Social Security numbers or tax IDs, driver’s license data, passwords and PINs, or financial information like payment card data. Such data has been compromised in other recent T-Mobile breaches, though, including one in August 2021. In July 2022, T-Mobile agreed to settle a class action suit about that breach in a deal that included $350 million to customers. At the time, the company also committed to a…

Source…

How To Find Out If You Will Get Anything From T-Mobile’s $350 Million Data Breach Settlement


Wireless carrier T-Mobile has agreed to pay $350 million to settle complaints relating to last year’s major data breach.

Plaintiffs say the hack exposed data on millions of customers.

The settlement was first disclosed in a Securities and Exchange Commission (SEC) filing back in July.

T-Mobile customers, both past and present, could receive compensation from the settlement. Of course, not all of the $350 million will go to consumers.

Lawyers have to be paid. Also, $150 million will go to beef up T-Mobile security, described by the hacker in a confession to the Wall Street Journal, as “awful.”

According to Reuters, people who were T-Mobile customers at the time of the hack could receive $25 if the settlement is approved. Customers living in California would receive up to $100.

The final amount will likely be determined by how many customers make a claim.

In fact, the number of consumers affected by the breach is not precisely known. Lawyers for the plaintiffs say the number is over 76 million, a claim disputed by T-Mobile. 

Getting paid could take months

T-Mobile has not yet laid out steps for making a claim. In past settlements people eligible to receive compensation have usually been notified by mail. According to Tech Crunch, it could take several months for the company to sort everything out and contact eligible customers.

The settlement was filed in the U.S. District Court for the Western District of Missouri, which must give final approval. The settlement merged more than 40 class-action suits that claimed T-Mobile was lax with its network security.

If the settlement wins the court’s approval, it would be the second-largest data breach settlement in U.S. history. Equifax’s $700 million settlement in 2019 is the largest writes Consumer Affairs.

Related Articles


VIDEO


“Dr. Harry Delany is a renowned Harlem born and raised surgeon, the son of the great jurist and civil rights leader, Hubert Delany….” This monthly post is made in partnership with Harlem Cultural Archives.

Source…

T-Mobile’s 2021 data breach raises DCCA concerns


HONOLULU (KHON2) — There was a massive T-Mobile data breach on Aug. 17, 2021, which compromised over 53 million individuals’ personal information nationwide — including 223,299 Hawaii residents.

The Department of Commerce and Consumer Affairs’ (DCCA) Office of Consumer Protection (OCP) encouraged those affected by the data breach to “take steps to protect their personal information.”

Download the free KHON2 app for iOS or Android to stay informed on the latest news

DCCA said millions had their names, dates of birth, Social Security Numbers and driver’s license information compromised and a large amount of consumer information was recently up for sale online on the dark web.

According to OCP, a dark web is a “hidden portion of the internet where cybercriminals buy, sell and track personal information.”

Individuals received alerts through their identity theft protection services which let them know their information was compromised and it was confirmed that their information was connected to the 2021 T-Mobile data breach.

“Given recent developments, Hawaii consumers impacted by the T-Mobile security breach need to take action to protect themselves against identity theft,” said Stephen Levins, executive director of the OCP.

OCP said individuals impacted by the breach are at heightened risk for identity theft.

Check out more news from around Hawaii

Steps to protect your personal information, according to DCCA:

  1. Monitor your credit. Credit monitoring services track your credit report and alert you whenever a change is made, such as a new account or a large purchase. Most services will notify you within 24 hours of any change to yoru credit report.
  2. Consider placing a free credit freeze on your credit report. Identity thieves will not be able to open a new credit account in your name while the freeze is in place. You can place a credit freeze by contacting each of the three major credit bureaus:
  3. Place a fraud alert on your credit report. A fraud alert tells lenders and creditor to take extra steps to verify your identitiy before issuing credit. You can place a fraud alert by contacting any one of the three major credit…

Source…

Hacker Claims T-Mobile’s ‘Awful’ Security Gave Him Access to 50 Million Accounts


Now living in Turkey, hacker John Binns shared with the Wall Street Journal how he breached T-Mobile’s network and gained access to 50 million accounts in July. He didn’t use any sophisticated tools or highly complex methods to breach T-Mobile’s security. Instead, the hack job was made easy because the mobile carrier’s security is lax, claims Binns.

Binns said he could access T-Mobile’s network through an unprotected router in the company’s data center near East Wenatchee, Washington. He discovered the vulnerable piece of hardware using a publicly available scanning tool that he pointed at T-Mobile’s widely known internet addresses.

“I was panicking because I had access to something big,” said Binns to the Wall Street Journal. “Their security is awful.”

Binns is a known hacker who has been perfecting his craft online since 2017 using various online aliases. He shared the details on this T-Mobile hack with the WSJ before the wireless carrier publicly confirmed the intrusion.

Binns declined to confirm whether he was paid to conduct the hack or sold the data he obtained.

T-Mobile CEO Mike Sievert said he was “truly sorry” for the intrusion that affected 50 million people. 

“We didn’t live up to the expectations we have for ourselves to protect our customers. Knowing that we failed to prevent this exposure is one of the hardest parts of this event.”

T-Mobile CEO Mike Sievert via AP

The company confirmed that the hack exposed names, social security numbers, driver’s license information, and more. Over 40 million customers who applied for T-Mobile credit were affected by this breach. Also involved were 7.8 million current T-Mobile subscribers who pay for their service on a monthly basis.

T-Mobile has reached out to those accounts that were compromised in this breach. If you are not sure if your account was involved, you can contact T-Mobile customer service or log into your account.

Those who were not affected should see a banner on their account page that confirms the hacker did not steal their account data.

Source…