T-Mobile recently announced a security breach affecting its employees and customers. According to the company’s data breach notification published on the company’s website, the breach occurred due to an attack” against its email vendor. The hacker(s) were able to access some T-Mobile employee email accounts, which contained T-Mobile account information belonging to various customers and employees, such as:

  • Names
  • Addresses
  • Phone numbers
  • Account numbers
  • Rate plans and features
  • Billing information
EXPERTS COMMENTS
Ilia Kolochenko, Founder and CEO,  ImmuniWeb
March 06, 2020
This security incident highlights the wide spectrum of critical risks stemming from third-party vendors and suppliers.
This security incident highlights the wide spectrum of critical risks stemming from third-party vendors and suppliers.

In light of the obscure circumstances and clouded scope of the reported breach, it would be premature to assess the overall damage or speculate about the eventual consequences. For the time being, T-Mobile's public response seems to be adequately adapted to the nature of the breach, aimed at minimizing damage and protecting potential victims. This does not, however, shield T-Mobile from individua ....
[Read More >>]
Wade Woolwine, Principal Security Researcher,  Rapid7
March 06, 2020
Adding a layer of user behaviour analytics to detect brute force attacks.
Adding a layer of user behaviour analytics to detect brute force attacks.

When organizations consider outsourcing or SaaS'ing traditional enterprise IT services, like email, special considerations need to be made for threat monitoring. Not only must the outsourced service or technology integrate with your existing logging and monitoring initiatives, but you may need to consider a new set of attack vectors to monitor for. In the case of outsourcing email to a SaaS prov ....
[Read More >>]
Peter Goldstein, CTO and Co-founder,  Valimail
March 06, 2020
T-Mobile’s breach is a clear example of how hackers can obtain a wealth of sensitive information just by compromising email accounts.
T-Mobile's breach is a clear example of how hackers can obtain a wealth of sensitive information just by compromising email accounts.

In an era when BEC attacks are proving to be a highly popular and effective attack method, these types of incidents are unfortunately far too common. T-Mobile's breach is a clear example of how hackers can obtain a wealth of sensitive information just by compromising email accounts. With access to a plethora of personal data on past and current customers and employees, hackers can potentially tr ....
[Read More >>]

