
T-Mobile confirms data breach, commits to better security

T-Mobile has been in the news over the last couple of weeks, after claims of a data breach at a T-Mobile datacenter surfaced on security websites. Initially, T-Mobile denied the data breach. It was only after the 21-year-old hacker came online and once again confirmed the breach that T-Mobile took ownership of the incident and confirmed that the personal data of some users was compromised. Unofficial estimates suggest that the data of more than 50 million customers was compromised.

How did the data breach happen on T-Mobile?

According to Mike Sievert, CEO of T-Mobile, the security breach happened because of a bad actor. He stated: “Through our investigation into this incident, which has been supported by world-class security experts Mandiant from the very beginning, we now know how this bad actor illegally gained entry to our servers and we have closed those access points. We are confident that there is no ongoing risk to customer data from this breach.”

While T-Mobile did not share the exact loophole that caused the security incident (for obvious reasons), the hacker said that he was able to access a router in T-Mobile’s datacenter and used it to gain entry into T-Mobile’s network. After this initial foothold in the network, data on the servers in the T-Mobile datacenter was breached. The most likely cause of the breach seems to be out-of-date firmware on the router. T-Mobile has addressed this security gap.

What was the extent of data breach?

There are no official figures for the number of users impacted by this data breach on the T-Mobile network. It’s all speculation. There are stories of over 50 million users who may have been impacted by this data breach. The number will remain unconfirmed. T-Mobile confirmed that no payment information, financial data or credit card details were compromised. The subscriber and user details that were compromised include “first and last names, date of birth, SSN, and driver’s license/ID information”.

What are the next steps for T-Mobile?

Since issuing the apology to its customers, T-Mobile has promised higher investments to bolster cybersecurity. The security loophole has been taken care of. T-Mobile has engaged the security consulting firm Mandiant on a long-term basis for ongoing cybersecurity. KPMG is joining as well, and it will bring expertise in security audits and services to the company. In addition, the company has created a special page with details about the data breach.

For the affected users, T-Mobile has also worked on:

  • offering two years of free identity protection services with McAfee’s ID Theft Protection Service to all persons who may have been affected
  • recommending customers sign up for T-Mobile’s free scam-blocking protection through Scam Shield
  • making Account Takeover Protection available for postpaid customers, which makes it more difficult for customer accounts to be fraudulently ported out and stolen
  • suggesting other best practices and practical security steps like resetting PINs and passwords for all customers.

Conclusion

T-Mobile’s security incident offers a lot of lessons. The company’s initial response to the security incident could have been better and more emphatic for the affected users. What this tells us is that corporate datacenters are prone to security incidents and need continuous monitoring, auditing and timely application of security updates. In these times, nothing is insulated from cyber attacks or ransomware attacks.

Companies also need to increase cybersecurity budgets. User data security is of paramount significance, and businesses should take ownership of the security.