T-Mobile data breach: Industry reactions

T-Mobile is investigating a claim that as many as 100 million accounts may have been compromised in a data breach.

In a cybersecurity update, T-Mobile said:

“We have determined that unauthorized access to some T-Mobile data occurred, however we have not yet determined that there is any personal customer data involved. We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed.”

Anurag Kahol, CTO, Bitglass

It’s concerning when it takes an organization months, or even years, to recognize that a misconfigured server has enabled a breach or a leak. In this case with T-Mobile, the details are hazy, and it’s not clear when the data may have been accessed.

It does not take much effort for outsiders to find unsecured databases and access sensitive information these days. This breach is another classic example of a simple security mistake resulting in massive amounts of customer data being exposed.

Leaking this number of records to the public internet is a significant offense by the organization and one that we’ve seen dozens of times in the past year, yet it is unlikely that we’ll see anything change unless organizations take the initiative in protecting corporate data.

Leaving a server publicly accessible is simply unacceptable. Even smaller companies with limited IT resources must ensure that they are properly securing data. Companies – of all shapes and sizes – must realise that the implications of failing to invest in their own cybersecurity readiness are widespread, posing major threats to data security, data subject wellbeing, regulatory compliance, and brand reputation.

Richard Orange, Vice President of EMEA, Digital Guardian

Is it really worrying that companies such as T-Mobile continue to suffer these data breaches when they stand to face such a significant fine and reputable damage. T-Mobile now must thoroughly investigate what led to the breach, then build a remediation strategy that can help to avoid those same pitfalls in the future.

Organizations large and small continue to fall victim to data privacy breaches and data loss – the impact of which, in many instances, could have been minimized or prevented from happening in the first place.

Cybersecurity programs should ensure that emphasis is placed on the security of the data itself – and not just on networks, servers and applications. Shifting the focus towards identifying, controlling and securing sensitive data assets may not prevent a cyber breach, but it will minimize data loss. What’s more, we must work harder as an industry to collaborate and combat the growing and changing cyber threat landscape.

Jack Chapman, VP of Threat Intelligence, Egress

This could be one of the most serious leaks of consumers’ sensitive information we’ve seen so far this year, potentially affecting 100 million people. Cybercriminals are using T-Mobile’s data to line their pockets, and unfortunately, it’s T-Mobile’s customers who will pay the price.

The data leaked in this breach is reported as being already accessible to cybercriminals, who could now weaponize it to formulate sophisticated phishing attacks targeting the victims. In light of this, I would urge any customers who have been affected by this breach to be wary of any unexpected communications they might now receive, whether that’s over email, text messages or phone calls.

Follow-up attacks may utilize the information accessed through this data breach to trick people into sharing more personal data that can be used for identity and financial fraud.

This highlights the need for organizations such as T-Mobile to put in place the right technology to secure their sensitive data and defend their employees and their company from targeted attacks by cybercriminals. It’s time for organizations to take responsibility and ensure they’re keeping their customers’ data out of the hands of cybercriminals.

Sharon Besser, SVP, Guardicore

This is yet another example of how important it is to properly segment internal environments to limit attackers’ ability to access ‘crown jewel’ data.

While it appears a misconfigured IP core element GGSN was the entry point, the attacker admittedly had to make several pivots before gaining access to production servers holding PII and other highly sensitive information.

Repeated instances like this highlight the fact that organizations still struggle with reducing the attack surface and limiting lateral movement once a trusted network has been compromised.