T-Mobile US admits it was hit by… – News

37 million customer records compromised

T-Mobile US reveals it suffered a serious data breach earlier this month by a “bad actor” who used an API (application programming interface) to raid 37 million accounts for customer data. I made it

Hackers collected customer names, billing email addresses, phone numbers, dates of birth, account numbers, account lines, and service plan features.

“Our systems and policies prevented access to the most sensitive types of customer information.”

The network shut down the affected systems within 24 hours and said no passwords, payment card information, social security numbers, government ID numbers, or other financial account information were compromised.

Our systems and policies prevent access to the most sensitive types of customer information, so that customer accounts and finances are not directly jeopardized by this event. There is also no evidence that any person has penetrated or compromised T-Mobile’s network or systems,” the statement said.

We have not received any information about any affected customers that would compromise their account or financial security, but we want to be transparent with our customers and make sure they are aware. increase. We understand the impact such incidents have on our customers and we regret that this has happened. Unfortunately, like any company, we are not immune to this type of criminal activity, but we plan to continue to make significant and significant investments to strengthen our cybersecurity program.

T-Mobile said it was a victim of a data breach, but added that “the most sensitive types of data” were not compromised. You said you discovered it was acquired via an application programming interface, but we believe the breach first occurred in November.

The breach did not compromise social security numbers, driver’s licenses, other government ID numbers, passwords, and PINs. Rather, the APIs affected are limited to a limited set of customer account data, including information such as name, billing address, email, phone number, date of birth, T-Mobile account number, and number of lines on the account. Not available. We will plan the function,” he said.

Sam Curry, chief security officer at a Boston cybersecurity firm CybereasonSaid;

What is sensitive and what is not is an important question. It doesn’t matter if you lost important data or financial information. Customer information is a privilege, not a right, to have. In this case, while it’s great that T-Mobile’s network wasn’t compromised, and that the loss of the direct bill number didn’t allow for outright theft, it does erode privacy and make it easier for hackers to compromise identities. is still important and confidential..

“T-Mobile seems to have moved quickly. I don’t know the details, but the results of this survey have caught the world’s attention. But it remains to be seen if the 2023 breach will be similar to the one suffered by T-Mobile in 2021. Did the company learn from 2021? Was 2023 unique? If it can fail from time to time, was this the case or worse? Only time and facts will tell us, and T-Mobile and fellow practitioners , will tell you what the new lessons that must be learned are.

Sam Curry, Cybereason: Customer information is a privilege, not a right, to hold.

Leave a Reply

Your email address will not be published. Required fields are marked *