T-Mobile has again become a victim of a potential data breach, with an online forum post claiming to be selling Social Security numbers, names, addresses and driver licenses information related to more than 100 million people.
The issue came to light after the website Motherboard indicated the seller of the data had made contact. Some data was presented from T-Mobile’s servers that included names and other personally identifiable information related to more than 100 million people from around the world.
According to T-Mobile: “Late last week we were informed of claims made in an online forum that a bad actor had compromised T-Mobile systems. We immediately began an exhaustive investigation into these claims and brought in world-leading cybersecurity experts to help with our assessment.
“We then located and immediately closed the access point that we believe was used to illegally gain entry to our servers.”
T-Mobile has been the target of several data breaches since 2018. The most recent incident had been in December 2020 when call-related information and phone numbers for customers of the mobile telephony service may appeared to have been exposed.
The other T-Mobile incidents were:
- 2018 – a hack of data relating to 2 million customers.
- 2019 – a data loss relating to pre-paid service customers.
- March 2020 – a loss of customer financial data.
According to new analysis from Ric Longenecker, CISO at Open Systems, big companies need to improve much more in order to prevent cyberattacks.
Longenecker explains: “Another day, another cyberattack on a major company results in the personal information of millions of people being stolen.”
And this is becoming a regular pattern, the expert opines: “This has become an all too common occurrence for companies worldwide – and the fifth known data breach for T-Mobile over the past three years.”
Companies clearly need to take immediate action to prevent such breaches, but they can’t do it alone. Finding a reliable security partner to reduce risk and protect sensitive information should be a company’s first step. Recent attacks only highlight that a collective effort is needed to combat the risk posed by cybercriminals.”