Remember meForgot password?
    Log in with Twitter

article imageAssist Wireless caught out in major data breach Special

By Tim Sandle     Sep 4, 2020 in Technology
U.S. cell carrier Assist Wireless left tens of thousands of personal customer documents on its website by mistake. This error has potentially placed personally identifiable information in the hands of criminals.
Assist Wireless LLC, a U.S. mobile virtual network operator that provides phone services to the underprivileged with government support. The company reported at the start of September that it has suffered from a data breach.
It appears that a third-party plugin was responsible for the accidental exposure of thousands of Assist Wireless customer passports, Social Security cards and driver’s licenses. Thus information provides opportunities for the criminals behind the attack to collect such data and to use it for identity theft, such as gaining access to financial accounts.
To learn more about the data breach, Digital Journal caught up with Robert Prigge, CEO of Jumio, a firm that specializes in online identity verification and user authentication.
According to Prigge the cyber-incident "Equips fraudsters with all the information they need to take over wireless accounts - but it doesn't stop there."
Prigge cautions that the data could now be deployed "to access bank accounts and combined with other information on the dark web to access social media profiles, email accounts and more. As the exposed information was directly connected to a user's cell phone account, fraudsters can make a strong case with Assist Wireless that the phone was lost or stolen, convincing them to activate a new SIM card connected to the legitimate user's phone number." The problem is that this means, in practice, on a smartphone held by the criminal.
In terms of the nature of the attack, Prigge says: "This SIM swapping would further grant the fraudster control over the user's accounts, allowing them to request account verification codes/links be sent to the device. Once logged in, fraudsters can easily transfer money from bank accounts, post offensive content from the user's social media profiles, send fraudulent emails on behalf of the user."
In terms of protective measures, the standard defense practiced by companies may not be sufficient. Prigge notes: "Even if enterprises have battened down the hatches on their own security, their efforts become meaningless if they do not ensure their vendors have done the same."
In terms of advice, Prigge recommends: "It is critical enterprises thoroughly vet their selected partners, especially those that handle and manage customer data. This ensures personal information stays with the user and out of the hands of fraudsters."
More about Assist Wireless, Data breach, Cybersecurity
More news from
Latest News
Top News