Can We Really Trust T-Mobile?

By Matthew Vulpis October 06, 2021

Recently T-Mobile confirmed nearly 48 million current, former, and prospective customers were compromised in a massive data breach. While only confirmed a couple days ago, the investigation into the breach began last week, when T-Mobile learned of claims made in an online forum stating an attacker had compromised its systems.

After confirming the breach, T-Mobile then shared its preliminary analysis results, which stated approximately 7.8 million current T-Mobile postpaid customer accounts' information appears to be in the stolen files, in addition to just over 40 million records of former or prospective customers who had applied for credit with T-Mobile.

The data stolen in the breach included customers' first and last names, birthdate, Social Security number, and driver's license/ID information for a subset of current and former postpay customers as well as prospective T-Mobile customers. However, so far there is no indication that the data in stolen files included customers' financial data, credit or debit card information, or other payment data, as T-Mobile also reported no phone numbers, account numbers, PINs, or passwords were compromised in affected files related to current postpaid customers or former or prospective customers.

Given the company's recent history with data breaches, some experts say T-Mobile should have been able to detect the rogue activity inside its network before learning about the attack from an online forum. While the company has not yet confirmed how the attack happened, the person who claims responsibility for the attack says T-Mobile misconfigured a gateway GPRS support node that seems to have been used for testing. The node was exposed to the Internet, which allowed the attacker to pivot to the LAN.

This incident marks the fifth time in four years that T-Mobile has been breached and had it’s data hacked. Starting in 2018, while merging with Sprint, T-Mobile was breached with hackers obtaining customer names, billing zip codes, phone numbers, email addresses, account numbers, and account type. During the breach. Roughly three percent of the company’s 77 million users at the time were affected, meaning the hackers gained access to information pertaining to about two million people.

This incident was followed up just a little over a year later, as the T-Mobile was breached once again in November of 2019. The breach, while smaller than in 2018, once again exposed customer data such as names, billing addresses, phone numbers, account numbers, rate plans, and plan features.

Then in 2020, amidst the chaos caused by the Covid-19 pandemic, T-Mobile was breached not once, but twice over the course of eight months, between March and December of last year. These breaches were once again smaller than the 2018 incident, with only about 200,000 customer’s data being exposed in the December breach. However, both breaches, much like their predecessors, exposed sensitive data, such as phone numbers, number of lines subscribed to and in a small number of cases some call-related information collected as part of normal operation and service.

In terms of the newest breach, T-Mobile says it has located and closed the access point it believes was used to gain access to its servers and is offering two years of free identity protection services for those affected, consumer trust in the company’s security measures is sure to be waning. And while the latest breach was certainly the most damaging in terms of the number of accounts exposed, from an individual standpoint, all the breaches raise red flags for both current and future T-Mobile customers.

The exposure of information such as name and birthdate puts people at higher risk for identity theft, and while many businesses have reduced their dependence on Social Security numbers, they are still core to a person's digital identity. The release of billing addresses, many of which may be home addresses not publicly listed, is also a major danger to those who live there, especially high-profile people and others whose privacy may already be at risk.

Unfortunately, while it's become common for businesses to be breached multiple times, such a consecutive series of breaches over a somewhat short period of time will likely weaken customer trust and put pressure on T-Mobile to seriously improve it’s cybersecurity measures. Cyberattacks are increasing in both volume and sophistication as we push into a new digital age, meaning T-Mobile will surely have a difficult task in front of them.

On top of this, while it's clear T-Mobile has a lot of work to do to not only address numerous gaps in its security program, they also have to work on restoring customer confidence in their brand. Considering the number of breaches it has disclosed in recent years, security-conscious customers will now have to strongly consider whether T-Mobile is worthy of their trust and their business.




Edited by Luke Bellos
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

Content Contributor

SHARE THIS ARTICLE
Related Articles

$100M Towards Innovative Capital Options: AppDirect Secures New Funding from CDPQ

By: Alex Passett    1/9/2024

New funding from CDPQ provides AppDirect with the power to help technology providers and advisors in transforming and scaling their businesses while m…

Read More

NextPlane's Affordable Microsoft Teams PSTN Calling Solution for UCaaS and Service Providers

By: TMCnet Staff    5/23/2023

NextPlane's Affordable Microsoft Teams PSTN Calling Solution for UCaaS and Service Providers

Read More

Snapchat Announces its New ChatGPT-Powered 'My AI' Chatbot

By: Alex Passett    2/27/2023

The popular app Snapchat is now offering a new friend, of sorts: My AI. Powered by ChatGPT, the bot is already integrated for select users to experime…

Read More

Black-owned Businesses See Vision Become Reality with Dialpad, and Sacramento King's Davion Mitchell

By: Greg Tavarez    2/24/2023

Dialpad is further expanding its Tech for Black Founders program and partnership with Sacramento Kings' point guard Davion Mitchell to promote Black-o…

Read More

IDEA Showcase 2023 at ITEXPO Gives Startups Opportunity for Exposure

By: Greg Tavarez    2/16/2023

IDEA Showcase 2023 at ITEXPO in Ft. Lauderdale, Florida, gave entrepreneurs a chance to present pitches to a panel of judges.

Read More