The cybersecurity team at T-Mobile discovered and halted an attack after a malicious actor had gained unauthorized access to the personal information of some customers during an ongoing security breach that the company disclosed on 20 August.
While no financial data, passwords or social security numbers were compromised, T-Mobile wrote, “You should know that some of your personal information may have been exposed, which may have included one or more of the following: name, billing zip code, phone number, email address, account number and account type (prepaid or postpaid).”
The company also affirmed that it has security measures in place to protect customer information from unauthorized access, though they provided no specifics on the details of those safeguards.
“This security incident favorably stands out among many others by prompt detection and transparent disclosure,” said Ilia Kolochenko, CEO, High-Tech Bridge.
“Many of the recent data breaches, including the most disastrous ones, were discovered weeks ago but then announced months after the occurrence. T-Mobile serves as a laudable example of prompt incident response. This, however, does not absolve them from accountability for the breach and further cybersecurity enhancement to prevent similar incidents in the future.”
Cell phones being compromised puts both individuals and enterprises at risk of all types of exploitation. Despite the prompt detection and response, the information compromised during the security breach could be used for nefarious purposes, according to Amit Sethi, security consultant at Synopsys.
“Hackers stole customer names, ZIP codes, phone numbers, email addresses, account numbers and account types. This information can potentially be used in targeted attacks where attackers can impersonate customers to T-Mobile’s customer service representatives,” Sethi said.
“Attackers may also be able to impersonate the customers to other wireless carriers and attempt to port the numbers in order to hijack the phone numbers. People who are impacted should ensure that they have set up a PIN with T-Mobile that they use to authenticate to customer service representatives and that is required to port their phone numbers to another carrier.”