Hackers clock personal deets on 'two million' T-Mobile US subscribers T-Mobile US systems were hacked this week, the cellular giant confirmed in a brief note on its website this week. The break-in was spotted on August 20 by the firm's cyber-security team, it said, and the miscreants booted out same day. "Out of an abundance of caution, we wanted to let you know about an incident that we …
Drip feed, Drip feed and yet more Drip feed... They don't know! Even if they had the best forensic security team in already they couldn't know 100%. But drip feeding is the name of the game.
If Cali pass their own GDPR law, I hope there's a rule that says, revised breach numbers incur double the penalty. Otherwise firms will simply lie and downplay the degree of the damage. Then continue to drip feed subsequent numbers, until the story is no longer newsworthy. Then <BAM> Real numbers, horrific breach!
"However, you should know that some of your personal information may have been exposed, which may have included one or more of the following: name, billing zip code, phone number, email address, account number and account type (prepaid or postpaid)."
Sounds like financial data to me.
Time to call it. Headlines starting with these words are now way too common. I would even go as far to say breaches are now as common as breeches (admittedly hyperbole).
So, ummmm..., is it now officially time for industry to wake up? I'd say it's past time, but who's going to make it official, and what are they going to do about it--make it easier to sue for damages? Seems hopeless doesn't it? At what point will the damages be so great that the market and society will experience--[insert list of horrific catastrophic calamities here]?
Hey, Boss. Let's store our customers' most sensitive information on the cloud. You know, the internet. All it will cost is a decent modem we can buy at WalMart. Best of all, everything else will be free. Yea, the net is safe. What's that? A net is a bunch of holes held together with string? Nah, the cloud is safe. Huh? A cloud is just a bunch a holes held together by vapor? You worry too much. It's safe, Boss.
This has nothing to do with the 'Cloud'. All these details have to technically available over the Internet, they can't be isolated. Otherwise you can't manage your mobile, or any other service, account. Whether a server is a cloud VM vs on T-Mobile's property is not even mentioned, or really relevant in this context. There was an API that seems to have been public, or somehow not secured.
With respect, these kind of superficial, idiotic populist comments add nothing to the discussion. I kind of get the sentiment, but it's misdirected and I don't see the point in your post.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
