STE WILLIAMS

Staffer emails compromised and customer details exposed in T-Mobile US’s third data whoopsie in as many years

US telco giant T-Mobile has suffered an attack that could have spaffed customer information far and wide.

The company did not specify exactly when the attack took place (and has yet to respond to questions from The Register) in its Notice Of Data Breach.

The attack gave miscreants access to employee email accounts, which contained customer account information. The data included names, addresses and phone numbers as well as rate plans. T-Mobile was quick to reassure customers that financial information and Social Security numbers were not exposed.

Presumably its employees don’t send that sort of stuff around in email form.

The attack itself was against T-Mobile’s email vendor, and led to ne’er-do-wells gaining “unauthorized access”. The usual act of slamming the stable door long after the horse has bolted is under way with the company “reviewing” its security policies and procedures “to enhance how we protect these systems”. It has also reported itself to federal law enforcement as well as beginning the grim task of informing customers.

Far be it from us to suggest that T-Mobile US is prone to springing the odd security leak or two, but back in 2018 the personal details of 2 million customers were spaffed, again with no financial data, and more than a million prepaid account holders had their privates ogled after the carrier was compromised again in 2019.

The UK tentacle of the brand was borged into Everything Everywhere in 2010, which became the EE we all know and love today. The companies are quite separate entities and The Register understands that UK customers of the former T-Mobile brand are not affected.

T-Mobile US reported strong customer growth last year, with more than 86 million by the end of Q4 2019 and revenues for the year at $34bn (PDF), although lurking in the small print where the company disclosed factors that might hit future results it does warn that “inability to implement and maintain effective cyber security measures over critical business systems; breaches of our and/or our third-party vendors’ networks, information technology and data security, resulting in unauthorized access to customer confidential information” might cause a wobble or two. ®

Sponsored:
Detecting cyber attacks as a small to medium business

Article source: https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/03/05/tmobile_breach/

  • 05/03/2020
  • adm
Comments are closed.