100m T-Mobile Customer Records Purportedly Up for Sale
Monday, August 16, 2021
The asking price is crazy cheap, one expert told Threatpost: It comes out to about a penny per purported victim. That’s quite a bargain for cybercrooks, given that the records are rich in data that can be used to conduct “targeted mobile attacks, social engineering, sophisticated phishing campaigns or financial fraud.”
Ilia Kolochenko, founder of the Swiss app sec firm ImmuniWeb and a member of the Europol Data Protection Experts Network, told Threatpost that what’s even worse is that the records reportedly encompass data from 2004 to 2021 and “can cause extreme invasion of privacy or be used for blackmailing of wealthy victims.
“Given that the offer seems to be new and unique, the price is very cheap: just 1 cent per victim. The records, which allegedly contain such extremely sensitive data as social security numbers and full histories of mobile phone usage, can be exploited to conduct targeted mobile attacks, social engineering, sophisticated phishing campaigns or financial fraud,” Kolochenko said via email.
Kolochenko thinks it’s “pretty likely” that one of T-Mobile’s suppliers could have unwittingly facilitated or caused the data breach, “based on the available technical information.”
“If so, it will be another grim reminder about the importance of Third-Party Risk Management (TPRM) programs and risk-based vendor vetting,” he noted.
T-Mobile could be in for a world of legal hurt if the breach is confirmed, Kolochenko predicted. “T-Mobile may face an avalanche of individual and class action lawsuits from the victims, as well as protracted investigations and serious monetary penalties from the states where the victims are based.”
Nonetheless, it’s too early to freak out, Kolochenko advised: “It would be premature to make conclusions before T-Mobile makes an official statement on the quantity and nature of the stolen data. The potential victims should refrain from panic and contact T-Mobile asking what type of intermediary support and compensation may be provided while the investigation is in progress. Some remediate actions, such as changing your driving license, may be time-consuming and costly, and I’d not precipitate here unless T-Mobile undertakes to cover the costs or confirm that the information was actually stolen.”