T-Mobile and its customers have become the victim of a cybersecurity issue. In a statement released this week, T-Mobile has indicated that an unauthorized entry into its network may have given hackers access to customer records. The data that may have been stolen includes ZIP codes, phone numbers, email addresses and even account numbers. The intrusion was quickly shut down, and no financial data, social security numbers or passwords were compromised. But it does make you wonder how they got into that first line of data? Of course, the good news is that they didn’t get the financial information, but like I said – how were hackers able to infiltrate that system in the first place?
We have almost become accustomed to this, haven’t we? I mean, it’s like every week there’s some kind of cyber attack happening on someone, somewhere. I don’t mean to sound cavalier about it because it is a serious issue. But the fact remains, this is the world that we live in now and it makes you wonder what kind of security these companies have in place to stop or prevent some kind of attack?
The attack took place early this past week. Hackers managed to breach a database by exploiting a vulnerable API. Isn’t that always the way though? There always seems to be some API that just isn’t quite secure, and boom – your personal information is all over the internet. As I mentioned, the good news is that T-Mobile cybersecurity staff were able to detect the attack very quickly. The not so good news is that while the attack only affected less than 3% of the company’s customers, that still works out to be about 2 million people whose information has now been stolen.
To credit T-Mobile, they did move quickly in order to notify the customers who were affected. This isn’t something that we always see. If you remember the Equifax data breach, it took months before they notified customers, and even then they weren’t going to do anything, it seemed. Perhaps T-Mobile’s quick response was because of new legislation that encourages prompt, responsive disclosure? Regardless, it’s good to see a company taking a data breach seriously.
T-Mobile says that customers who do not receive a notification don’t need to be concerned that their personal data was accessed. Even though passwords were not compromised, T-Mobile is still reminding users that “it’s always a good idea to regularly change account passwords.”
Is this a warning for us all? Absolutely. But, unfortunately, there isn’t much that we can do about it. Regardless of the company, there’s a chance that they will become a victim of a security breach. Should they have known about the vulnerability in the API? Maybe, but we never know about something until it’s too late, so is there more they could have done? I would say yes, but I’m not convinced that it would have made a difference. If it wasn’t T-Mobile, it would have been someone else. I guess what I’m trying to say is that our data is no longer safe – regardless of who it’s with. I hope that thee are better security tools built in the near future, and if you can help it, don’t give your data to a company.