![]() “The messages reveal that each time LAPSUS$ was cut off from a T-Mobile employee’s account, either because the employee tried to log in or change their password, they would just find or buy another set of T-Mobile VPN credentials” Krebs wrote. In April 2022 a group of largely teenage hackers breached T-Mobile and downloaded over 30,000 source code repositories (even gaining access to Atlas, an internal T-Mobile tool for managing customer accounts) according to a new eye-popping report by independent investigative journalist Brian Krebs, who was leaked internal Telegram group messages from the LAPSUS$ group by a disgruntled former associate. The company played down the breach, saying "some basic customer information (nearly all of which is the type widely available in marketing databases or directories) was obtained" and that unlike in a 2022 T-Mobile incident there was "no evidence that the bad actor breached or compromised T-Mobile’s network or systems." While we, like any other company, are unfortunately not immune to this type of criminal activity, we plan to continue to make substantial, multi-year investments in strengthening our cybersecurity program." ![]() T-Mobile said this week: "We understand that an incident like this has an impact on our customers and regret that this occurred. In the wake of a 2021 data breach T-Mobile entered into long-term partnerships with Mandiant, and KPMG, saying “we know we need additional expertise to take our cybersecurity efforts to the next level, and we’ve brought in the help" - CEO Mike Sievert adding that Mandiant will “support us as we develop an immediate and longer-term strategic plan to mitigate and stabilize cybersecurity risks" while KPMG will “perform a thorough review of all T-Mobile security policies and performance measurement… focus on controls to identify gaps." T-Mobile hack 2023: Company downplays impact ![]() The "bad actor" used a single API to pull data including details like name, address, data of birth, account number from a customer database, T-Mobile said - with the incident coming just six months after it agreed to pay $500 million to settle a class action lawsuit launched after a 2021 data breach that included the commitment that it would spend a further $150 million on “data security and related technology” in 20. T-Mobile has announced a massive breach of customer data every year like clockwork since 2018 (sometimes twice in a year) and early in 2023 the telecommunications company was not one to buck corporate tradition - saying a hacker had stolen the day of 37 million customers in the latest incident for the company.
0 Comments
Leave a Reply. |