We have yet to see whether the stolen information will be listed for sale online, but it will likely show up somewhere. In the news release, T-Mobile tries reassuring impacted customers by stating that the only information stolen was “ome basic customer information (nearly all of which is the type widely available in marketing databases or directories).” This information includes names, billing addresses, email addresses, phone numbers, dates of birth, account numbers, and account information “such as the number of lines on the account and service plan features.” The company makes clear that “No passwords, payment card information, social security numbers, government ID numbers or other financial account information were compromised.” By the time T-Mobile secured the relevant API, the threat actor had stolen information relating to approximately 37 million customers, which is another detail not disclosed in the news release. T-Mobile’s regulatory filing states that the threat actor seems to have “first retrieved data through the impacted API starting on or around November 25, 2022.” It wasn’t then until January 5, 2023, that the company became aware of the data theft. What the news release does not reveal is that the company discovered the data breach over a month after the threat actor first gained unauthorized access to a customer database and began exfiltrating information. ![]() Within 24 hours of discovering this issue, T-Mobile closed off the method of unauthorized access. However, the news release skips over important details revealed in the regulatory filing.Īccording to the news release, a threat actor managed to access T-Mobile customer information by way of an Application Programming Interface (API). The company disclosed this information in both a news release and a filing with the Securities and Exchange Commission (SEC). Or maybe the sound is T-Mobile US execs laughing this one off: since 2018 the carrier's share price has soared from $65 to $145, subscriber numbers have grown from 77 million to 110 million, and revenue is on track to nearly double to around $80 billion.Yesterday, T-Mobile, one of the big three mobile internet service providers in the US, announced that it recently fell victim to a data breach. That sound you hear? Lawyers everywhere preparing class-action documentation. It also admits: "We may incur significant expenses in connection with this incident." "While we, like any other company, are unfortunately not immune to this type of criminal activity, we plan to continue to make substantial, multi-year investments in strengthening our cybersecurity program," the paperwork states. In its statement, the carrier seemingly surrenders to the inevitability of more successful attacks.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |