For at least the fifth time in four years, T-Mobile has suffered a data breach. Over the weekend, it was reported that a vendor on an online forum posted stolen information for sale. On Monday, T-Mobile confirmed the illegally-accessed attack, followed by further details on Wednesday. Customer data for 48.6 million individuals were, indeed, stolen. The names, social security numbers, birthdays, driver’s license information, phone numbers, and PINs of current, former and prospective clients, were taken.
The hacker’s modus operandi is a tale as old as time—as opposed to ransomware locking down the system, these hackers force their way in, steal and back up the data and then sell it. Originally the price tag was 6 bitcoin, or $270,000, but then it drastically decreased to $200.
Despite the lowered price tag, the negative impact remains significant. So far, T-Mobile has closed the access, reset PINs for prepaid accounts, highly recommended postpaid account holders change their PINs as well, offered two years of free identity protection services, and offered an extra step to protect mobile accounts.
T-Mobile’s past and present security issues are certainly decreasing their credibility. Yuan Stevens, a researcher at Ryerson University in Toronto said, “I don’t think it’s on the individual to protect their data–Instead, institutions should be responsible for protecting consumer data.” For many companies, necessary security protocols aren’t in place, are drifting as a priority, or aren’t advanced enough to withstand present-day threats. This leads to reactive, defensive, and last-minute responses once they’ve suffered a hack.
Because of weakened security, while working from home, this is not acceptable. Companies need to realize it’s not an if, but a when. Proactive steps must be taken in order to prevent attacks. For T-Mobile clients, Forrester security and risk analyst Allie Mellen says, “It’s something that should make their customers consider whether it’s actually worth working with T-Mobile.”
If you’re ready to take the necessary steps to heighten your cybersecurity, let’s talk! We offer protection through our managed IT services, as well as additional protection through our security packages. You’ll receive 24/7 monitoring, separate credentials for server and admin access, email protection, and ongoing education, among many other things. Even just email access can lead hackers to crucial information about people’s personal and professional lives. Don’t allow your company to be the next victim in the series of attacks that have happened since the COVID pandemic.
