Scribd
Upload
318 views6 pages

Khalil-Aarousse-Applied-Project-Investigate-A-Recent-Data-Breach Assignment

khalil-aarousse-applied-project-investigate-a-recent-data-breach assignment

Uploaded by

sheryar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
318 views6 pages

Khalil-Aarousse-Applied-Project-Investigate-A-Recent-Data-Breach Assignment

khalil-aarousse-applied-project-investigate-a-recent-data-breach assignment

Uploaded by

sheryar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

Attack Case Study

T-Mobile

© Copyright IBM Corp. 2023


On August 17, 2021, T-Mobile learned that a bad
actor illegally accessed and/or acquired personal
data. The bad actor first gained access to T-
Mobile systems on or before July 19, 2021. Our
investigation is ongoing, but we have verified
Attack Category: that a subset of T-Mobile data had been
accessed and/or acquired by unauthorized
individuals and the data stolen from our systems
did include some personal information. The
latest details about the affected data are
available.
The mobile service provider said in a statement that it had
been investigating the data breach since last week, when it
was “informed of claims made in an online forum that a
bad actor had compromised T-Mobile systems.”
The company said the stolen files included information from
approximately 7.8 million current T-Mobile accounts, as well
as records of more than 40 million former or prospective
Company customers who had applied for credit with the company.
Description and Some of the exposed data included customers’ first and last
names, social security numbers, driver’s license and other
Breach Summary information, T-Mobile said. It also included the PINs of
about 850,000 active prepaid customers.
Event 1
1 A cyberattack on T-Mobile uncovered the information of more than
40 million people.

Event 2
2 found and immediately closed the access point that we trust it was
used to illegally gain entry to our servers.

Event 3
3 Contribution two years of free identity protection services with McAfee’s ID
Theft Protection Service to any person who believes they may be affected
Timeline
Event 4
4 eligible T-Mobile customers sign up for blocking protection through
Scam Shield

Event 5
5 Offering an extra step to protect your mobile account with our Account Takeover Protection
capabilities for postpaid customers, which makes it harder for customer accounts to be
fraudulently ported out and stolen.

Event 6
6 Around 850,000 active T-Mobile prepaid customer names, phone
numbers and account PINs were wide-open.
Vulnerabilities
Overall Summary The mobile operator revealed that the compromised data included full names, dates of birth, SSNs
and driver’s license/ID information for 7.8 million current T-Mobile post-paid customers as well as over 40 million former
or respective customers who had applied for credit with T-Mobile. No phone numbers, account numbers, PINs,
passwords, or financial information were exposed for these users. However, names, phone numbers, and account PINs
were exposed for 850,000 active T Mobile prepaid customers.

Vulnerability 1 Vulnerability 2 Vulnerability 3 Vulnerability 4


Summary Summary Summary Summary
Overall Summary The mobile
operator revealed that the
Victim profiles The more over SMS messages, SIM swapping Another
compromised data included full breaches occur, the impersonating the type of attack that is
names, dates of birth, SSNs and easier it is for attackers to specific to phone users is
driver’s license/ID information for mobile operator. At
7.8 million current T-Mobile post- build complete victim SIM swapping. This is
paid customers as well as over 40 profiles and launch first glance, in when an attacker
million former or respective
attacks that are the case of the 48 manages to convince a
customers who had applied for
credit with T-Mobile. No phone increasingly hard to million current, former, mobile operator to
numbers, account numbers, PINs, detect by both companies and prospective T- associate a victim's
passwords, or financial information
were exposed for these users. and users. Mobile customers phone number with a SIM
However, names, phone numbers,
whose personal card under their control
and account PINs were exposed for
850,000 active T Mobile prepaid details were exposed. to receive all their phone
customers. calls and text messages
Costs Prevention

• 1 data of about 850,000 • 1 T-Mobile is proposing all


prepaid customers was also impacted customers a free two-
hacked, as well as more than 40 year subscription for McAfee's
million records of former or ID Theft Protection Service,
prospective customers. which take account of credit
Costs and • 2 The data breach could turn
monitoring, full-service identity
restoration, identity insurance,
Prevention out to be an expensive one for
dark web monitoring.
the mobile operator, as new
investigation shows the ordinary • 2 Business and postpaid customers
cost of a data breach has can also enable T-Mobile's Account
increased to more than $4.7m. Takeover Protection service for free
and all T-Mobile users can use the
company's Scam Shield app that
allows caller ID and automatically
blocks calls identified as scams.

You might also like