New year, same serious cybersecurity threats. On January 4, T-Mobile informed some of its customers that a new data breach had occurred on the company's network. While the impact currently seems to be relatively minor, the breach is the fourth of its kind in the last three years for the telecommunications giant, according to Fox Business.
T-Mobile's latest situation is a reminder of how common data breaches are. Whether you're a major corporation or a small business organization, your data matters. Taking steps to secure your information, like employing a terminal emulator for use with legacy mainframes, can help you save time, money and reputation.
A small percentage of customers
According to a letter published by T-Mobile, and sent to any impacted customers, the attack occurred in early December, and was shut down as soon as it was discovered. Further review determined that hackers had accessed a category data called "customer proprietary network information," or CPNI. Examples of CPNI include phone numbers and the total number of lines on an account and some call-related information.
The breach affected about 200,000 customers, according to ZDNet. While that number is certainly large, it also only represents 0.2% of T-Mobile's total number of users. No information was given on how hackers were able to infiltrate T-Mobile's network. The company said it has investigated the attack with a team of cybersecurity experts.
In its letter to customers, the company noted that no personal information was stolen as a part of the breach.
"The data accessed did not includes on the account, physical or email address, financial data, credit card information, social security numbers, tax ID, passwords or PINs," the document read.
The letter ends with a phone number where impacted customers could call if they had questions or wanted more information. However, because no personal or financial information was stolen, the company is not providing free credit monitoring services to impacted customers.
It is unclear what, if any, consequences, the telecom company will face as a result of the attack, but a dip in consumer confidence is certainly possible. Following the announcement of the hack, T-Mobile shares dropped 2.5% in value, according to Fox Business. Additionally, businesses issuing T-Mobile devices to employees — or whose staff uses mobiles on the carrier's network — in conjunction with their IoT infrastructure could have imperiled other hosts on their corporate networks, ranging from desktop computers to operational technology.
Not an isolated incident
The most recent data breach at T-Mobile is perhaps the least impactful of the four that have occurred in recent years. In a breach that occurred in August 2018, hackers were able to steal the personal information of about 2 million T-Mobile customers.
Two other attacks, from November 2019 and March 2020, both also involved customer and employee personal information, in contrast to the most recent threat. The November 2019 attack was discovered before a large amount of personal data was impacted, with all impacted customers being on the company's prepaid service. In March 2020, hackers attacked T-Mobile's email vendor and accessed the names, addresses, phone numbers, account numbers, rate plans and billing information of both customers and employees.
Sprint, which merged with T-Mobile this past year, also suffered two data breaches, only two months apart, in 2019. Both cyber attacks occurred before the merger occurred.
Plugging cybersecurity vulnerabilities
As more and more work continues to move online, cybersecurity threats are a growing problem for organizations of all sizes. These threats include potential data breaches. In addition to losing you time and money, data breaches, especially of customer information, can undermine consumer trust. In some cases, companies that improperly guarded customer data and are subsequently attacked may be held liable in court or by the FTC, according to TechRepublic. At the very least, companies that are the victims of a data breach have a responsibility to inform compacted consumers.
One of the largest cybersecurity breaches in American history, the 2017 Equifax data breach, was in part the result of the company's failure to update programs written in vulnerable open-source code — specifically, the Apache Struts application development framework. As a result, data was stolen from a staggering 143 million Americans, or about 40% of the population, according to CSO United States
While Equifax's oversights were especially egregious, considering the amount and sensitivity of the data they were protecting, anyone using a long-established, open-source programming language like Java in its major applications runs a very similar risk. Luckily, terminal emulation can help you avoid the use of Java code, even on any legacy hardware you still run, and help keep your organization safe from data breaches and other threats.