I'm sure you've seen the story. T-Mobile has confirmed that a data breach has occurred, but it won't yet confirm what was taken.
“We have determined that unauthorized access to some T-Mobile data occurred, however we have not yet determined that there is any personal customer data involved,” the company said in a statement. “We have been working around the clock to investigate claims being made that T-Mobile data may have been illegally accessed.”
Motherboard reported that a hacker is selling T-Mobile customer data from 100M+ users on the dark web. The hacker has provided a sample of SSNs, phone numbers, names, physical addresses, unique IMEI numbers, and driver's license numbers that checked out with Motherboard.
Sharon Besser, SVP of Guardicore, weighed in on the breach.
"This is yet another example of how important it is to properly segment internal environments to limit attackers' ability to access 'crown jewel' data. While it appears a misconfigured IP core element GGSN was the entry point, the attacker admittedly had to make several pivots before gaining access to production servers holding PII and other highly sensitive information. Repeated instances like this highlight the fact that organizations still struggle with reducing the attack surface and limiting lateral movement once a trusted network has been compromised."