Skip to content

Over 1 million+ T-mobile customers were affected with a data breach. Personal information (not including password or financial data) were revealed. Expected data revealed would be name, billingaddress, phone and account number, calling scheme etc. The scheme data by T-Mobile customer privacy policy requires them to notify their customer if there is a leak of such data. Considering the nature of the data leak, it maybe used for identity theft. It is recommended to change one’s password to their T-mobile account

Why It Happened ?

The security team at T-mobile noticed some unauthorized and malicious access to some pre-paid wireless accounts. It was reported to the authorities promptly and the malicious access was stopped. No major sensitive data like social security number or passwords were leaked in the process.

 

What Can You Learn ?

The above attack used various loopholes at various stages and we can list a few mitigation steps from it. 

  • Regular Scan For Malicious Activities scanning for red flags, unauthorized access and having the right protocols for automated alerts can be a huge bonus
  • Third Party Security measures to make sure any vulnerability doesn’t affect one’s own customers
  • PII regulations within the company for careful distribution of PII. Collection of PII only restricted to only when absolutely necessary
  • Third Party Risk Assessment Modern tools enable one to understand the threat landscape arising from their vendors
 

References

More than 1 million T-Mobile customers exposed by breach

https://www.techradar.com/in/news/over-a-million-t-mobile-customers-hit-in-data-breach

https://www.businessinsider.in/tech/news/t-mobile-just-told-some-customers-that-there-was-a-data-breach-of-their-personal-information-heres-how-to-check-if-youre-affected-/articleshow/72192031.cms