T-Mobile has launched an investigation into a claim that the personal facts of extra than 100 million of its clients had been compromised.
The assert was to start with identified and claimed by Vice Information. Scientists came across a hacker on an online discussion board asking for Bitcoin in trade for Social Security numbers.
While T-Cellular isn’t outlined in the forum for sale article, the hacker instructed Vice that the data was a subset of 100 million documents that experienced been taken from T-Cell servers.
The hacker alleged that the company misconfigured a gateway GPRS guidance node made use of for screening, exposing it to the internet and allowing the attacker to inevitably pivot to the LAN.
It is alleged that the stolen details contains customers’ phone numbers, names, physical addresses, Social Security numbers, and driver licenses.
The hacker reported that the relaxation of the data, which isn’t becoming offered for sale on the forum, is currently being sold privately.
In a statement to Reuters, T-Cell said: “We are aware of promises manufactured in an underground discussion board and have been actively investigating their validity. We do not have any further data to share at this time.”
Sharon Besser, SVP of Guardicore, said that if the facts breach does verify to be authentic, it displays how critical it is to adequately segment internal environments to restrict attackers’ skill to accessibility ‘crown jewel’ data.
“Recurring situations like this emphasize the point that businesses nevertheless battle with lessening the attack surface area and limiting lateral motion at the time a trustworthy network has been compromised,” she mentioned.
Jack Chapman, VP of Threat Intelligence at Egress, said the facts breach “could be a single of the most significant leaks of consumers’ sensitive info we’ve noticed so significantly this calendar year” thanks to the quantity of potential victims.
“The info leaked in this breach is noted as currently being already accessible to cyber-criminals, who could now weaponize it to formulate advanced phishing attacks targeting the victims,” said Chapman. “Observe-up attacks may well make the most of the info accessed by this details breach to trick individuals into sharing extra individual information that can be made use of for id and economical fraud.”
Some elements of this short article are sourced from: