T-Mobile Data Breach Included Personal Information of Almost 50 Million Customers

[NMBob]

I won't say that all senior citizens executives who can't master technology should be publicly flogged, but if we made an example of one or two, it might give the others incentive to try harder.

-mostly Sheldon Cooper

 

[techno-Zen]

I've already been pwn3d many times over. why not one more.

FFS Corporate America, get your #$% together.r

 

[Rafagon]

Yesterday, we were able to verify that a subset of T-Mobile data had been accessed by unauthorized individuals. We also began coordination with law enforcement as our forensic investigation continued.

A subset?

Is that supposed to make me feel better?

A subset could be 99%.

 

[collin_]

“Customers are due to be contacted shortly with the news that T-Mobile will immediately offer two years of free identity protection services with McAfee's ID Theft Protection Service”

I actually laughed out loud

 

[ThatGuyInLa]

What about us peasants using MetroPCS?

 

[81Tiger04]

Frustrating and not acceptable.

 

[sirozha]

Wow! This sucks. Not acceptable. Over 50,000 people. That s too much

50,000,000. That’s too many.

 

[HornOfAbraxas]

WOW! these guys using insecure Windows Servers tied to the Internet to keep their data on?
Or the better option LINUX!

I would always use LINUX servers in mission critical DATA.

Windows 10 and 11 client are great to use not connected to the internet.

But Windows Server is so insecure. I would never trust it to host large valuable data on the internet.

LINUX RULES for Mission Critical servers. UNIX even better !! BSD UNIX AWESOME.

I don't KNOW what THE RANDOM capital Letters are FOR, but as an OSCP... it's not about the OS. Linux has plenty of vulnerabilities. It's more about user training, admin training, and the security philosophy of the whole company.

If the network security department is underfunded, understaffed, and undertrained, all of their servers will be vulnerable, regardless of OS. Since network security is a pure spender (no profit generation), it's often cut from budgets. It also has an intangible value if implemented correctly ("We haven't been hacked in the history of the company! Why do we even need to pay all this money for network security?") so it's difficult to justify to the bean-counters.

Until they're hacked, of course.

 

[BuffaloTF]

Man… these guys really are trying hard to contact me concerning my cars warranty. Such great lengths!

 

[btrach144]

As a former customer, I’m angered with T-Mobile and will remain a former customer.

 

[PinkyMacGodess]

After reading that, the only question I had was 'What security?'...

 

[rafark]

Wow! This sucks. Not acceptable. Over 50,000 people. That s too much

50k is peanuts

 

[ghanwani]

Now I'm concerned since it says "former customers" data could be impacted. I was a customer about 10-12 years ago.

 

[Doctor Q]

I think a change in society is coming, where the assumption is that all of your identifying information is public, since vendors, the government, and hackers have all that information and it will continue to leak.

Instead of trying to keep the cat in the bag, we'll instead change habits, knowing that we must always use biometric and other 2FA methods everywhere and every time we need to identify ourselves, because otherwise anyone else can pretend to be you.

 

[rneglia]

I keep my credit reporting accounts closed down

What product do you recommend to open and close your credit as needed?

 

[Dark_Omen]

Maybe it's time the government develops a system for one time use keys for social security numbers. So, when companies want to do credit checks or background checks. It's only good for that one check and they don't get a persons real SSN permanently.

Perhaps for the purposes of credit. People can generate two keys. One being a one time use for a credit check. The second only able to send updates. Such as credit limits, usage, missed payments, &c. But is not possible to use for any new credit checks, lines of credit, &c.

That way people won't have to reveal their SSN. This could also be applied to employers, 1099 wages and so forth. They don't need your SSN. An alphanumeric key only good for reporting wages and such is all they need. As it would be keyed to your SSN.

Basically a system which minimizes the number of sources with your actual SSN. While still allowing checks and reporting. With random keys which have a limited scope of usage.

Phone carriers should get out of the business of selling devices and just provide cellular service. People should be buying bloat-free phones directly from the manufacturer.

 

[ghanwani]

Phone carriers should get out of the business of selling devices and just provide cellular service. People should be buying bloat-free phones directly from the manufacturer.

How does that help? A couple of years ago, I wanted to try T-Mobile service in my house to see if was better than AT&T. They required an SSN for both prepaid and post paid plans. And so I passed on it and just decided to stick with AT&T.

 

[bear_in_mind]

Maybe it's time the government develops a system for one time use keys for social security numbers. So, when companies want to do credit checks or background checks. It's only good for that one check and they don't get a persons real SSN permanently.

Perhaps for the purposes of credit. People can generate two keys. One being a one time use for a credit check. The second only able to send updates. Such as credit limits, usage, missed payments, &c. But is not possible to use for any new credit checks, lines of credit, &c.

That way people won't have to reveal their SSN. This could also be applied to employers, 1099 wages and so forth. They don't need your SSN. An alphanumeric key only good for reporting wages and such is all they need. As it would be keyed to your SSN.

Basically a system which minimizes the number of sources with your actual SSN. While still allowing checks and reporting. With random keys which have a limited scope of usage.

Agreed. Should've been legislated a decade ago, when the breaches were just as frequent, but databases were smaller and nowhere near as lucrative.

If it were implemented today, it'd take 5-10 years for the data already in circulation to become stale, but better to start late than never.

 

[Woodstockie]

Here we go again. I wonder why they still need to store certain information like SSN if you have been with them for several years and paid your bills on time. The hunger of all these companies to gather (and leak) information has to be managed better.

 

[synergize]

Man… these guys really are trying hard to contact me concerning my cars warranty. Such great lengths!

So tired of these abject morons contacting me 15 times a week about my car warranty, total scumbags!

 

[Dark_Omen]

How does that help? A couple of years ago, I wanted to try T-Mobile service in my house to see if was better than AT&T. They required an SSN for both prepaid and post paid plans. And so I passed on it and just decided to stick with AT&T.

Because they no longer have a reason to check your credit if you aren't financing a phone.

 

[Bushibot]

let’s be honest. It has always been sheer madness that companies are allowed to data warehouse information like this. They do it, because they can. It should be completely illegal for any customer data to not be encrypted, but since no laws require it lazy cheap companies like T-Mobile do whatever they want. Customer data has always been treated as a cash cow and white zero respect across the telecom industry.

 

[senttoschool]

Maybe it's time the government develops a system for one time use keys for social security numbers. So, when companies want to do credit checks or background checks. It's only good for that one check and they don't get a persons real SSN permanently.

Perhaps for the purposes of credit. People can generate two keys. One being a one time use for a credit check. The second only able to send updates. Such as credit limits, usage, missed payments, &c. But is not possible to use for any new credit checks, lines of credit, &c.

That way people won't have to reveal their SSN. This could also be applied to employers, 1099 wages and so forth. They don't need your SSN. An alphanumeric key only good for reporting wages and such is all they need. As it would be keyed to your SSN.

Basically a system which minimizes the number of sources with your actual SSN. While still allowing checks and reporting. With random keys which have a limited scope of usage.

Good ideas.

Unfortunately, half of the country won’t adopt this because they think it’s another way for the government to spy or control you.

 

[jefhai]

We should still class action sue them. My identity information is worth far more than 2 years of theft protection

 

[jefhai]

let’s be honest. It has always been sheer madness that companies are allowed to data warehouse information like this. They do it, because they can. It should be completely illegal for any customer data to not be encrypted, but since no laws require it lazy cheap companies like T-Mobile do whatever they want. Customer data has always been treated as a cash cow and white zero respect across the telecom industry.

Not this information should verify credit worthiness and then be immediately deleted. Should not be kept of encrypted. Get the customer on a trusted payment plan and delete all other data not needed. Like SSN