Yet another reason why everyone needs to freeze their credit at all three agencies. (in the US, and do the equivalent if elsewhere)
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
T-Mobile Confirms Data Breach, Unclear If Personal Customer Data Was Accessed
- Thread starter MacRumors
- Start date
- Sort by reaction score
'For a small business, you can more easily lock things down and restrict access'
Yes, because as a small business you have billions to throw around at the problem to hire the top experts in security. Give me a ***** break. These companies are sloppy and don't invest enough in security. 99% of the things exploited in these "hacks" things come from them not following basic OWASP guidelines. If you're system is "too complex" to secure, then get rid of it and build a simpler one.
Forget that! Our government will NEVER make Big Companies accountable for these data breaches and the effect it has on billions of people every year. Big Corporations NEVER suffer. Only the little people.
I unfortunately signed up with TMobile a little over 2 weeks ago -- because my SO was complaining about MY cell phone service. I hope I was too late to be affected by all this mess!
the price isn't very different at all, given the benefits. bmw's cost more than mazdas — nothing is free in this world, but you can feel the difference
Yep. had they updated those servers it wouldn't been an issue. Also, since the server was set up for testing they should have restrict access to it until it's fully tested.
Everyone needs to assume that their information has already been stolen, and act accordingly. Freeze your credit and pay the $20/mo for credit monitoring and ID theft protection.
Fact: 95% of all credit card numbers are readily available on the dark web.
Fact: 95% of all credit card numbers are readily available on the dark web.
The small car dealership isn't comparable to T-Mobile. Even a huge one wouldn't be, since the dealership doesn't really need to be online, but T-Mobile is running an entire packet core.
It's likely that T-Mobile screwed up by forgetting to update something. I'm sure a DIY job is going to have mistakes too, but probably nobody will exploit them.
My guess: someone set that GPRS server up years ago and left the company and the persons in that department didn't get informed about it or something ridiculous like that.
That would be a good possibility of what happened. Still, any properly run IT Dept should run a monthly network scans and report of any undocumented / unknown servers on the network. NMAP scanning tool in Linux can scan the network and even try to identify any open ports. They can output this to a text file for comparison later.
Got my three dollar and change iPhone check the other day, can’t wait to put that baby towards a new iPhone 13! 🤯🤪
Only for one year? That information could be used for ID theft for years on end and the only person injured is the consumer
We need to hold corporations more accountable for negligence like this.
Equifax comes to mind... How are they still operating in the same manner? Where are the huge fines and jail time?
We also need to start refusing to provide PII to corporations. Why do they need all this info? In the postpaid account case (and generally), the whole credit bureau / score thing needs to be reworked. Maybe move it all to pre-paid and remove the need for credit checking? We need an ApplePay-like system where ID & payment are secure, but minimal data - just an account ID token and account balance / payments - is stored.
Equifax comes to mind... How are they still operating in the same manner? Where are the huge fines and jail time?
We also need to start refusing to provide PII to corporations. Why do they need all this info? In the postpaid account case (and generally), the whole credit bureau / score thing needs to be reworked. Maybe move it all to pre-paid and remove the need for credit checking? We need an ApplePay-like system where ID & payment are secure, but minimal data - just an account ID token and account balance / payments - is stored.
Yep. Any sense of digital privacy we might have is an illusion at this point.
As someone else posted, freeze your credit at all three agencies. Lock down your SS and IRS and state accounts. Non-US folks do whatever's similar in your part of the world. Read through every bank and card statement every month.
