The mobile operator just suffered at least its fifth data breach since 2018, despite promising to spend a fortune shoring up its systems.
“I'm certainly disappointed to hear that, after as many breaches as they've had, they still haven't been able to shore up their leaky ship,” says Chester Wisniewski, field chief technical officer of applied research at the security firm Sophos. “It is also concerning that the criminals were in T-Mobile's system for more than a month before being discovered.
Because of limits on the API , the attacker did not gain access to Social Security numbers or tax IDs, driver's license data, passwords and PINs, or financial information like payment card data. Such data has been compromised in other recent T-Mobile breaches, though, including one in August 2021. In July 2022, T-Mobile agreed to settle a class action suit about that breach in a deal that included $350 million to customers.
T-Mobile, which did not respond to multiple requests for comment from WIRED, wrote in its SEC disclosure that in 2021, “We commenced a substantial multi-year investment working with leading external cybersecurity experts to enhance our cybersecurity capabilities and transform our approach to cybersecurity. We have made substantial progress to date, and protecting our customers’ data remains a top priority.
It clearly hasn't been enough, given the recent incident, which exposed data for roughly a third of the company's US-based customers. “How many of these does T-Mobile have to have?” wondered Jake Williams, a longtime incident responder and an analyst at the Institute for Applied Network Security. “API security is just starting to be something people are really focusing on, which was a mistake. Detecting API abuse is not easy, especially if the threat actor is moving low and slow. I suspect there's a large number of these in general that simply go undetected.
Indonesia Berita Terbaru, Indonesia Berita utama
Similar News:Anda juga dapat membaca berita serupa dengan ini yang kami kumpulkan dari sumber berita lain.
Party City files for bankruptcy as part of $150 million agreement to restructure businessParty City's bankruptcy filing was brought about by the pandemic and a global supply chain crisis, CEO Brad Weston said Wednesday.
Baca lebih lajut »
FanDuel Promo Code: Bet $5 to get $150 in betting credits for Grizzlies vs. LakersClaim the FanDuel promo code to make a $5 bet and get $150 in betting credits for the Memphis Grizzlies vs. the Los Angeles Lakers on Friday.
Baca lebih lajut »
Lab analysis confirms deceased suspect was responsible for 3 El Paso County murders in 2018Almost five years after a man suspected of killing three people was shot and killed by El Paso SWAT, laboratory testing confirmed he was the one and only suspect in the murders.
Baca lebih lajut »
Deceased suspect identified in 2018 El Paso County homicide casesA man suspected in the deaths of an El Paso County couple is dead and the criminal investigation into the couple’s deaths is closed, according to the sheriff’s office.
Baca lebih lajut »
Pompeo slams Trump's defense of Putin in 2018 as 'mistake': BookFormer Secretary of State Mike Pompeo criticized former President Donald Trump for his decision to defend Russian President Vladimir Putin during a press conference in 2018, a moment the former Trump ally called a “mistake,” according to a forthcoming book.
Baca lebih lajut »