T-Mobile is one of the US's largest mobile carriers and is estimated to have more than 100 million customers. But in the past 10 years, the company has developed a reputation for suffering repeated data breaches alongside other security incidents. The company had a mega breach in 2021, two breaches in 2020, one in 2019, and another in 2018. Most large companies struggle with digital security, and no one is immune to data breaches, but T-Mobile seems to be approaching companies like Yahoo in the pantheon of repeated compromises.

“I'm certainly disappointed to hear that, after as many breaches as they've had, they still haven't been able to shore up their leaky ship,” says Chester Wisniewski, field chief technical officer of applied research at the security firm Sophos. “It is also concerning that the criminals were in T-Mobile's system for more than a month before being discovered. This suggests T-Mobile's defenses do not utilize modern security monitoring and threat hunting teams, as you might expect to find in a large enterprise like a mobile network operator.”

Because of limits on the API (an interface that facilitates communication between two software programs), the attacker did not gain access to Social Security numbers or tax IDs, driver's license data, passwords and PINs, or financial information like payment card data. Such data has been compromised in other recent T-Mobile breaches, though, including one in August 2021. In July 2022, T-Mobile agreed to settle a class action suit about that breach in a deal that included $350 million to customers. At the time, the company also committed to a two-year, $150 million initiative to improve its digital security and data defenses.

T-Mobile, which did not respond to multiple requests for comment from WIRED, wrote in its SEC disclosure that in 2021, “We commenced a substantial multi-year investment working with leading external cybersecurity experts to enhance our cybersecurity capabilities and transform our approach to cybersecurity. We have made substantial progress to date, and protecting our customers’ data remains a top priority.”

“The information stolen in this breach is ideal for SIM swapping attacks and other forms of identity theft,” Sophos's Wisniewski says. It “should be another reason for T-Mobile customers to lock down their accounts and move away from SMS-based multifactor authentication for banks, cryptocurrency wallets, etc.”

If you're a T-Mobile customer, or just looking to improve your digital security, make sure you're using an authenticator app or hardware token for two-factor on as many accounts as possible. And add a PIN to your wireless account so attackers need that additional authentication mechanism before they can attempt to compromise your SIM card.

On January 6, the US Federal Communications Commission proposed more stringent data-breach reporting criteria for the telecom industry. “The law requires carriers to protect sensitive consumer information but, given the increase in frequency, sophistication, and scale of data leaks, we must update our rules to protect consumers and strengthen reporting requirements,” FCC chair Jessica Rosenworcel wrote.