
The T-Mobile breach is much worse than it should have been


In an overnight email, T-Mobile shared details about the data breach it confirmed Monday afternoon. They are not great. Assorted data from more than 48 million people was put at risk, and although that is less than the 100 million initially announced by hackers, most of those affected are not even current T-Mobile customers.

Instead, T-Mobile says more than 40 million of the people whose data was compromised are former customers or prospective customers who applied for credit with the carrier. Another 7.8 million are current “postpaid” customers, which just means T-Mobile customers who are billed at the end of each month. Approximately 48 million users had their first and last names, dates of birth, Social Security numbers and driver’s license information stolen. The names, phone numbers and PINs of an additional 850,000 prepaid customers, who fund their accounts in advance, were also exposed. The investigation is ongoing, which means the tally may not stop there.

There’s no good news here, but it is slightly less bad in that most customers do not appear to have had their phone numbers, account numbers, PINs, passwords, or financial information taken in the breach. The main question, however, is whether T-Mobile really needed to keep sensitive information on the 40 million people with whom it does not actually do business. Or, if the company was going to store that data, why it did not take better measures to protect it.

“Overall, the U.S. Wild West is still concerned about the kind of information companies can store about us,” says Amy Keller, a partner at the law firm DiCello Levitt Gutzler, who filed a class action lawsuit against Equifax after the credit bureau’s 2017 breach. “I am just amazed and not surprised. You can say it’s a frustration.”

Privacy advocates have long promoted the concept of data minimization, a relatively self-explanatory practice that encourages companies to hold only as much information as they need. The European General Data Protection Regulation codifies the practice by requiring that personal data be “appropriate, relevant and limited to what is necessary in relation to the purposes for which it is processed”. The US currently has no equivalent on the books. “Privacy laws in the United States that touch on minimizing data generally don’t need it,” says Keller, “and recommend it as best practice.”

As long as the US does not have a privacy law similar to the GDPR, or until state laws such as the California Consumer Privacy Act start to take a harder line, data minimization will remain a strange concept. “In general, collecting and storing sensitive data from potential customers and seniors is not an act of consumer fraud, and is commonplace,” says David Opderbeck, director of the Institute of Law, Science and Technology at Seton Hall University. While it may seem inappropriate for T-Mobile to keep records on millions of people who have never been customers, nothing stops the company from doing so for as long as it wants.

Now, these former and prospective customers, along with millions of current T-Mobile subscribers, are the victims of an uncontrolled data breach. “The first risk is identity theft,” says John LaCour, founder and CEO of digital risk protection company PhishLabs. “The information includes names, social security numbers, driver’s license IDs: all the information someone would need to apply for credit.”

The hack would also make it easier to pull off so-called SIM swap attacks, says LaCour, particularly against the prepaid customers whose PINs and phone numbers were revealed. In a SIM swap, a hacker ports your number to their own device, usually to intercept SMS two-factor authentication codes and so gain easier access to your online accounts. T-Mobile did not respond to an inquiry from WIRED about whether international mobile equipment identity numbers were also involved in the breach; each mobile device has a unique IMEI, which would also be useful to SIM swappers.

T-Mobile has put some measures in place on behalf of the victims. It is offering two years of identity protection from McAfee’s ID Theft Protection Service, and it has already reset the PINs of the 850,000 prepaid customers whose PINs were revealed. It recommends, but does not require, that all postpaid customers also change their PINs, and it offers a service called account protection to help thwart SIM swap attacks. It also plans to publish a site on Wednesday for “single station information,” although the company did not say whether it will offer any kind of lookup to let people find out if they were affected by the breach.
