T-Mobile US, one of America’s wireless network operators headquartered in Overland Park, Kansas, and Bellevue, Washington, US, has suffered another data breach in a few months, making it the seventh incident in five years.
According to The Register, which has been following the story, the latest data theft is significantly smaller in comparison to the telco’s 37 million subscribers whose data leaked earlier in the year.
T-Mobile 836 Subscribers Suffer Data Theft
According to a letter shared by Infosecurity, unauthorized activity was detected in T-Mobile’s network in March but the illegal access appeared to have started in late February.
The telecoms company assured its customers and shareholders that no financial information or call logs were compromised but admitted that PINs and most of the vital PII were exfiltrated.
“The information obtained for each customer varied but may have included full name, contact information, account number and associated phone numbers, T-Mobile account PIN, social security number, government ID, date of birth, balance due, internal codes that T-Mobile uses to service customer accounts (for example, rate plan and feature codes), and the number of lines,” the “Un-carrier,” said in its letter.
T-Mobile said that not all customers were affected by the breach and letters were sent to those whose data was compromised on April 28. In addition, the telco reset the PINs for all affected users, meaning if you experienced trouble with your account that could have been the reason why.
T-Mobile Data Breach Woes Date Back To 2018
T-Mobile has faced numerous instances of customer data breaches over the years affecting millions of its customers.
The first notable breach occurred in 2018, with unauthorized access to two million customer records, including hashed passwords.
In the following year, data belonging to over a million customers was exposed. The year 2020 saw two more breaches in March and December.
The situation worsened in 2021 when a massive leak saw 48 million customer records uploaded onto the dark web.
Capita’s AWS Buckets are Leaking
As T-Mobile moves to contain the situation, Capita, a London-based digital services company is battling a researcher’s claims that it compromised data by leaving an AWS S3 bucket unsecured for at least seven years.
According to a report on the matter, the password-free bucket stored more than 3,000 files all amounting to 655GB comprising of files, spreadsheets, server images, text documents, and PowerPoint presentations.
The researcher alleges that one of the files had the login details for one of Capita’s systems and filenames in the bucket suggesting that Capita still uses it.
Capita was notified in late April and the bucket has since been secured, the researcher said. However, the company maintains that there was nothing sensitive in the bucket.
Misconfigured AWS S3 storage buckets have caused significant data breaches for various companies, including Twilio, McGraw-Hill, and even US military cyber resilience contractors.
These leaky buckets have resulted in the exposure of sensitive information that was meant to be kept confidential. These incidents highlight the prevalence of misconfigurations in cloud storage, which even large companies can fall victim to.
Bluefield University Students on Edge After System Hack
Students at Bluefield University in Virginia are dealing with an annoying ransomware attack with hackers blowing up their phones with text messages in addition to studying for their finals at this time of the year.
The school reported the attack on Sunday saying that the issue may take several days to resolve in addition to reassuring students and faculty that “as of now, we have no evidence indicating any information involved has been used for financial fraud or identity theft.”
The university’s assertion is however not helpful and questionable, especially when the unidentified attacker managed to infiltrate the institution’s RamAlert system, a tool commonly used for weather advisories or active shooter situations.
According to the hacker, they “have admissions data from thousands of students,” totaling more than 1.2TB, and they are ready to utilize it. The university has not responded to the attacker yet but has taken steps to mitigate the situation by requesting faculty not to use the school’s email on top of suspending finals.
- Environmentalists Sue FAA Over SpaceX Starship Environmental Damage
- LinkedIn Phases Out InCareer App in China Citing Competition & Tough Macro Climate
- Legal Gambling Apps Drove $220 Billion in US Sports Bets in 5 Years
What's the Best Crypto to Buy Now?
- B2C Listed the Top Rated Cryptocurrencies for 2023
- Get Early Access to Presales & Private Sales
- KYC Verified & Audited, Public Teams
- Most Voted for Tokens on CoinSniper
- Upcoming Listings on Exchanges, NFT Drops