Reports came out this week that T-Mobile had suffered a data breach. T-Mobile claims that the leak has been sealed. They deserve credit for responding quickly, but for some the damage may already be done. The data itself may not pose a direct risk to anyone, but the more information cybercriminals can obtain and correlate, the more effective future attacks will be.
T-Mobile Breach
According to reports, sensitive personally identifiable information (PII) of about 100 million T-Mobile customers—including names, addresses, Social Security numbers, driver’s license numbers, and even unique IMEI numbers that identify the individual’s specific mobile device—were offered for sale on a Dark Web forum.
T-Mobile issued a statement, “We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed.”
If the claim of 100 million compromised accounts is accurate, though, that would mean that a large percentage of current or past T-Mobile customers were already impacted before T-Mobile was able to take action to address the data breach.
T-Mobile confirmed that there was a data breach but has not yet verified what data was leaked or whether it contained the PII claimed by the attackers. The only people who know the true situation right now are inside T-Mobile. I am looking forward to their continued transparency in the days ahead as the investigation continues.
Fortunately, they haven’t played the victim card which is wise, and I am equally hopeful that the industry keeps its ire focused on the attackers and not T-Mobile - security is a process not a state of being, and nothing is accomplished by “bayoneting the wounded.”
Connecting the PII Dots
If PII was, in fact, exfiltrated from T-Mobile, is that cause for concern? It does appear that Social Security numbers, government ID numbers, driver’s license information and other personal information is being made available for sale. That is bad, but this breach is also a reminder that—as consumers—our personal information has been stolen many times over and sold on the Dark Web.
I get it. If your Social Security number is already compromised, it is easy to feel jaded about new breaches exposing it again. We can’t become complacent, though. It is important for organizations to do everything they can to protect sensitive data, and for consumers to do everything possible to safeguard PII. Each piece of PII may seem innocuous on its own, but it is all pieces of a puzzle.
What is particularly concerning with the T-Mobile breach is the availability of mobile phone IMEI identity numbers tied to each specific customer’s phone. The more information cybercriminals have about you, the more targeted and effective they can craft their attacks. With a blend of consumer data, criminals can more easily dupe consumers into opening phishing emails and phishing texts.
Constant Vigilance
Data breaches, ransomware attacks and other malicious threats are not receding. On the contrary, they are increasing in frequency and severity.
We should all be on the lookout for the back-to-school scams and typical post summer resurgence of business that will likely herald an uptick in attacks while whetting the appetites of cybercriminals to carry out more brazen attacks.
Organizations need to have cybersecurity that provides the visibility and context to identify and understand suspicious or malicious activity in their environments. It is more important than ever for organizations to remain vigilant—and to have tools in place to effectively detect and stop attacks before data is compromised.