T-Mobile Data Breach Is Worse Than It Should Be

In an email, T-Mobile shared more details about the data breach it confirmed Monday afternoon. They are not good. Information on more than 48 million people was compromised, and although that is only a portion of the 100 million the thieves initially announced, most of those affected are not current T-Mobile customers.

Instead, T-Mobile says that of the people whose data was compromised, more than 40 million were former customers who had applied for a loan from the carrier. Another 7.8 million are current “postpaid” customers, which simply means T-Mobile customers who pay their bills at the end of each month. Those approximately 48 million users had their full names, dates of birth, Social Security numbers, and driver's license information compromised. An additional 850,000 prepaid customers, who pay their bills in advance, had their names, phone numbers, and PINs disclosed. The investigation is ongoing, which means that the count will not stop there.

There's no good news here, but the slightly less bad news is that most customers do not seem to have had their phone numbers, account numbers, PINs, passwords, or financial information compromised. The bigger question is whether T-Mobile really needed to keep this sensitive information about 40 million people who are not its current customers. Or, if the company did need to keep it, why it did not take more steps to protect it.

“To put it bluntly, it is still the Wild West in the United States in terms of the information that companies can keep about us,” said Amy Keller of the law firm DiCello Levitt Gutzler, who led a lawsuit against Equifax after the credit bureau's 2017 breach. “I was shocked, and I was not surprised either. I think you might say I’m upset.”

Privacy experts have been promoting the idea of data minimization, a fairly self-explanatory practice that encourages companies to hold only as much information as necessary. Europe's General Data Protection Regulation codifies this practice, requiring that personal data be “adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.” The US currently has nothing comparable on the books. “Privacy law in the United States related to data minimization does not mandate this,” says Keller, “but rather advises that it is a best practice.”

Unless the US implements an omnibus privacy law similar to the GDPR, or state laws such as California's privacy law begin to take a harder line, data minimization will remain a foreign concept. “In any case, collecting and storing sensitive information about prospective and former customers is not fraudulent toward consumers under U.S. law, and is common practice,” said David Opderbeck, director of Seton Hall University’s Institute of Law, Science & Technology. Inappropriate as it may seem for T-Mobile to keep detailed records on millions of people who may not have been its customers, nothing stops it from doing so, for as long as it wants to.

Now those former and prospective customers, along with millions of current T-Mobile subscribers, find themselves victims of a breach they had no power to prevent. “The first threat is theft,” says John LaCour, founder and CTO of digital security company PhishLabs. “This information includes names, social security numbers, driver’s license IDs: everything they would need to register as an individual.”

This type of theft can also make it easier to carry out so-called SIM swaps, LaCour says, especially against the prepaid customers whose PINs and phone numbers were disclosed. In a SIM swap, hackers move your number to their own device, typically in order to receive SMS-based authentication codes, which makes it easier to access your online accounts. T-Mobile did not respond to a request from WIRED as to whether International Mobile Equipment Identity numbers were also affected by the breach; each phone has a unique IMEI that can be invaluable for SIM swappers.

T-Mobile has put a number of protective measures in place for victims: it is offering two years of identity protection from McAfee’s ID Theft Protection Service, and it has already reset the PINs of the 850,000 affected prepaid customers. It strongly encourages postpaid customers to change their PINs, and it offers Account Takeover Protection to address SIM-swap threats. It is also planning to publish a dedicated information page on Wednesday, though the company has not said whether it will offer any way to check if you are affected.

