Guest blogger, Chris Bonatti, an IECA Consultant Explains What Happened
Forward by CyberWyoming: Data breaches and reporting laws are discussed in Wyoming’s Cybersecurity Competition for Small Businesses. Join the competition at www.cyberwyoming.org/competition. (IECA’s membership makes the Competition free to all Wyoming small companies.)
T-Mobile had suffered a catastrophic fifth data breach in just four years. T-Mobile is saying that this was a sophisticated hack that entailed brute force penetration of their system. The alleged perpetrator, a US citizen living in Turkey, said quite the opposite in a Telegram interview with The Wall Street Journal. He says he didn’t have to brute force anything. Rather, he described T-Mobile’s security as “pathetic”. He said he had access to over 100 servers, and millions of records, none of which were encrypted.
We don’t know all the details yet, but it’s looking like late December has T-Mobile suffering their sixth breach. The new attack appears to be related to a criminal SIM swapping campaign. At this point, T-Mobile looks like the last place you’d want to entrust with your Personally Identifiable Information (PII).