Close to 50 million current, former and prospective T-Mobile customers had their names, social security numbers, and IDs stolen by a 'bad actor' who snaked into the company's system and allegedly posted the data for sale on an 'underground forum.'
T-Mobile first announced the breach Monday, saying that they had closed the 'entry point' used to gain access to the system, but the extent of the exposure was not known until Tuesday.
About 7.8 million current customers and 40 million former or prospective customers who applied for credit with the carrier had their sensitive information stolen, T-Mobile said in a statement.
Another 850,000 active prepaid customer had just their names, phone numbers and account PINs exposed.
Close to 50 million T-Mobile users had their data potentially exposed in a data breach
The information includes names, social security numbers and drivers' licenses
None of the stolen files include financial information like debit or credit cards, T-Mobile said, and no Metro by T-Mobile, former Sprint prepaid or Boost customers had their names or PINs exposed.
Motherboard reported that a hacker was selling a subset of the data with 30 million customers' Social Security numbers and drivers' licenses for six Bitcoin, or $270,000.
'I think they already found out because we lost access to the backdoored servers,' the seller said.
The seller advertised the data as: 'T-Mobile USA. Full customer info.'
The breach was announced Monday, but the extent of it was not known until Tuesday
Data breaches are a top concern for major companies in the US, with ransomware attacks against hospitals and other companies that store highly sensitive information increasing in recent years.
The Biden administration has made protecting the country from cyberattacks a 'top priority.'
'All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location,' said Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, in an open letter to the private sector on June 2.
'Ransomware attacks have disrupted organizations around the world, from hospitals across Ireland, Germany and France, to pipelines in the United States and banks in the UK. The threats are serious and they are increasing.'
Colonial, the nation's largest fuel pipeline, paid $4.4 million to Darkside after a ransomware attack in May. Above, fuel holding tanks at Colonial Pipeline's station in Washington, DC
Vehicles waited in lines at a Costco in Raleigh, North Carolina on May 13. Fuel headaches continued for motorists in the South even after the Colonial Pipeline restarted operations
In May, the 5,500-mile Colonial Pipeline was disrupted by a ransomware attack.
The pipeline runs from Houston, Texas through the southeastern US, carrying about 45 percent of all fuel consumed in the East Coast.
The pipeline paid a ransom of $4.4 million in Bitcoin to the criminal hacking group Darkside.
The Department of Justice eventually recovered $2.3 million, or 63.7 Bitcoin, from the group, according to CNN.
Also in May, Irish hospitals were reduced to pen and paper after the Conti ransomware group got a hold of the country's health service system and asked for $20 million, according to the BBC.
The group eventually handed over access to the hospitals' systems for free, but threatened to 'sell or publish a lot of private data' if they didn't get the money.
The US subsidiary of the German telecom giant is headed by CEO and president Mike Sievert (left). John Legere (right) stepped down as CEO in April 2020
T-Mobile US, a subsidiary of the German telecom giant, finalized a deal to buy Sprint for $26 billion in 2020, leaving T-Mobile as the surviving brand - meaning former Sprint customers are likely included in the breach.
'Late last week we were informed of claims made in an online forum that a bad actor had compromised T-Mobile systems,' the carrier said Tuesday.
'We immediately began an exhaustive investigation into these claims and brought in world-leading cybersecurity experts to help with our assessment.'
T-Mobile will publish a website to help its customers protect themselves from the breach later on Wednesday.
Risk Based Security identifies the health care sector as the most hacked in the first half of 2021. Names and social security numbers were the most sought after
In the meantime, the company is urging its customers to change their PINs online or by phone.
They are also offering two years of free identity protection services from McAfee's ID Theft Protection.
Almost 19 billion records were exposed worldwide in the first half of 2021, according to an analysis by Virginia-based cybersecurity firm Risk Based Security.
The healthcare sector accounted for most of the breaches, followed by the finance and insurance sector and information sector.
'As ransomware gained in popularity, the targeting of credit card data began to drop off. This can be seen in the leveling off of breaches in the retail space and the increase of incidents in the manufacturing space - a sector especially sensitive to downtime,' the analysis said.
No comments:
Post a Comment