T-Mobile Data Breach Amplifies Larger Cybersecurity Challenge

Reports came out this week that T-Mobile had suffered a data breach. T-Mobile claims that the leak has been sealed. They deserve credit for responding quickly, but for some the damage may already be done. The data itself may not pose a direct risk to anyone, but the more information cybercriminals can obtain and correlate, the more effective future attacks will be. 

T-Mobile Breach

According to reports, sensitive personally identifiable information (PII) of about 100 million T-Mobile customers—including names, addresses, Social Security numbers, driver’s license numbers, and even unique IMEI numbers that identify the individual’s specific mobile device—was offered for sale on a Dark Web forum.

T-Mobile issued a statement: “We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed.”

If the claim of 100 million compromised accounts is accurate, though, that would mean that a large percentage of current or past T-Mobile customers were already impacted before T-Mobile was able to take action to address the data breach.

T-Mobile confirmed that there was a data breach but has not yet verified what data was leaked or whether it contained the PII claimed by the attackers. The only people who know the true situation right now are inside T-Mobile. I am looking forward to their continued transparency in the days ahead as the investigation continues. 

Fortunately, they haven’t played the victim card, which is wise, and I am equally hopeful that the industry keeps its ire focused on the attackers and not T-Mobile. Security is a process, not a state of being, and nothing is accomplished by “bayoneting the wounded.”

Connecting the PII Dots

If PII was, in fact, exfiltrated from T-Mobile, is that cause for concern? It does appear that Social Security numbers, government ID numbers, driver’s license information and other personal information are being made available for sale. That is bad, but this breach is also a reminder that—as consumers—our personal information has been stolen many times over and sold on the Dark Web.

I get it. If your Social Security number is already compromised, it is easy to feel jaded about new breaches exposing it again. We can’t become complacent, though. It is important for organizations to do everything they can to protect sensitive data, and for consumers to do everything possible to safeguard PII. Each piece of PII may seem innocuous on its own, but they are all pieces of a puzzle.

What is particularly concerning with the T-Mobile breach is the availability of mobile phone IMEI numbers tied to each specific customer’s phone. The more information cybercriminals have about you, the more targeted and effective their attacks can be. With a blend of consumer data, criminals can more easily dupe consumers into opening phishing emails and phishing texts.

Constant Vigilance

Data breaches, ransomware attacks and other malicious threats are not receding. On the contrary, they are increasing in frequency and severity. 

We should all be on the lookout for back-to-school scams and the typical post-summer resurgence of business, which will likely herald an uptick in attacks while whetting the appetites of cybercriminals to carry out more brazen attacks.

Organizations need to have cybersecurity that provides the visibility and context to identify and understand suspicious or malicious activity in their environments. It is more important than ever for organizations to remain vigilant—and to have tools in place to effectively detect and stop attacks before data is compromised.

Sam Curry
About the Author

Sam Curry is CSO at Cybereason and is a Visiting Fellow at the National Security Institute. Previously, Sam was CTO and CISO for Arbor Networks (NetScout) and was CSO and SVP R&D at MicroStrategy in addition to holding senior security roles at McAfee and CA. He spent 7 years at RSA, the Security Division of EMC as Chief Technologist and SVP of Product. Sam also has over 20 patents in security from his time as a security architect, has been a leader in two successful startups and is a board member of the Cybersecurity Coalition, of SSH Communications and of Sequitur Labs.