Home Blog T-Mobile Breach Exposes Sensitive Customer Data – Cyber Security Story

T-Mobile Breach Exposes Sensitive Customer Data – Cyber Security Story

September 23, 2022

605

T-Mobile – An Overview

T-Mobile is a well-renowned brand name that is widely used by some of the mobile communications subsidiaries of the German telecommunications company, Deutsche Telekom AG in the Czech Republic, Poland, the United States, and the former subsidiary in the Netherlands.

Founded in the year 1999, it has markets in Poland, the Netherlands, the Czech Republic, and the United States.

T-Mobile’s only motivation is its customers and these customers are what inspire them and drive them to look for new and innovative ways to keep them seamlessly connected to what matters to them the most.

Related: Highest Paying Cybersecurity Job Roles & Desired Skills

Services offered by T-Mobile

T-Mobile offers mobile Broadband Internet Access Services for not only smartphones but basic phones and USB modems etc.
With that, it offers internet services for tablets and mobile hotspots, and wireless devices over its 2G, 4G LTE, and 5G broadband networks.

Related Interesting Stories

The Big Attack

While everything was going smoothly for this amazing company, on August 17, 2021, a statement was released by T-Mobile confirming their systems were subjected to a criminal cyberattack. The attack compromised the data of millions of T-Mobile’s customers. This included their former and prospective customers as well. According to the statement released by the company, an investigation has been started and it is based on a report by someone who claimed to have confessed that they have compromised T-Mobile’s servers.

Damage caused:

The damage was big no doubt. Around 40 million people’s data was compromised in this recent data breach. This included 7.8 million current T-Mobile customers who were paying monthly for the phone services they used. Of 104 million customers T-Mobile had, nearly half of them were affected by this attack.

What kind of data was stolen?

The stolen data had personal information of the customers.
This included their first and last names.
Their date of birth.
Social Security numbers.
Driver’s license/ID numbers.

Now this kind of information exposed was enough for any unknown person to use for setting up an account in someone else’s name or even hijack an existing one.

What data was not stolen?

Luckily, the most critical data of any customer was not stolen, this included;

Phone numbers.
Account numbers.
PINs or any kind of password.
Credit card information.
Any payment information.

Challenges faced by T-Mobile

Even though the company itself declared that the data of around 40 million people was compromised yet a Twitter account that was advertising the stolen data for sale mentioned that this attack has affected all 100 million customers. And that it also included IMEI/IMSI data for 36 million customers that can easily identify specific devices or even SIM cards. However, T-Mobile did not confirm any of it and stood by its original released statement.

After this incident, T-Mobile had to add a page on its site that would allow customers to change their PINs and passwords.

With that, they also offered two years of free identity protection services for McAfee. They also recommended all their postpaid customers change their PIN.

The attack had led the entire T-Mobile family not only disappointed but frustrated as well. Their only aim is to keep the customer’s data safe and they failed to do so. Thankfully an investigation led by experts allowed them to understand what has happened and how much people were affected and to what extent and then they were able to control it gradually.

How did it happen?

Now comes the real question, how did the attack happen or how was an ordinary hacker able to hack such a database?

Well, the hacker was brave enough to take full responsibility for the breach. According to the 21-year-old John Binns, the security of T-Mobile was just awful. He infiltrated T-Mobile after the company’s misconfigured Gateway GPRS Support Node was exposed on the internet. In simpler words, Binns was able to find an unprotected router using a publicly available tool and from there he searched weak spots in T-Mobile’s known internet addresses. And that is how he was able to get information from around 40 million customers.

The good news here was that only general information of customers was exposed and no financial information was leaked or compromised.

Related: Who is a Cybersecurity Analyst? Key Responsibilities, Skills & Salary

Has this ever happened before?

This attack wasn’t the first one as there have been several data breaches over the past few years.

The most recent one was in January 2021.
Before that, there was another breach in November 2019.
In August 2018, another attack on the servers happened that involved unauthorized access to customer information.
An attack in 2015 happened where hackers stole the personal data of around 15 million T-Mobile wireless customers.
In 2020, T-Mobile’s employee email accounts were breached.

Where does the problem lie?

The problem here is the absence of security control that allows hackers to easily get into T-Mobile’s systems. A data breach of this magnitude at T-Mobile only happened because there were too many loopholes in their system. Even the hacker claimed that there was a configuration problem on the access point that is used by the company for testing. And this issue made the access point available to the public on the internet. Now all the hackers had to do was find that particular gate.

All of this could have been avoided if the company was conducting a proper scope penetration test right from the beginning. They should have used their internal network monitoring tools. Had they been able to use the cybersecurity techniques in the best possible manner, they would have been able to identify, test, and highlight any kind of vulnerabilities in their security postures. And this could have at least prevented some of these attacks to a great extent.