By Segun Fatuase
The exposure of secure or private/confidential information to an untrusted environment is data breach. This cyber security incident, wherever it happens, makes public confidential information/data thereby giving the network provider a reputational damage and exposing the owner of data to blackmail and untold danger by disreputable characters.
Our local mobile networks including MTN, AIRTEL, 9MOBILE and GLO need to pay due attention to this nagging problem which can cause reputational damage and erode the confidence of their numerous customers whose biometrics and other personal details are in their (mobile networks’) care.
The hacking of the servers of T-Mobile network by threat actors few days ago and the attendant cost in money and reputation further heightens the fear that this global problem may be on the rise with much devastating effect in a developing country like Nigeria where cyber intelligence is not as advanced.
T-Mobile has suffered six data breaches in the past four years. In 2018, millions of T-Mobile customers’ info was accessed by hackers. In 2019, T-Mobile prepaid customers’ data was exposed. In March 2020, hackers gained access to T-Mobile employee’s email accounts. In December 2020, hackers gained access to the customer proprietary network information (CPNI).
In February 2021, threat actors gained access to an internal T-Mobile application to target up to 400 customers in SIM swap attack attempts.
The databases stolen during the recent attack were said to contain the data for approximately 100 million T-Mobile customers, including IMSI numbers, IMEI numbers, phone numbers, customer names, security PINs, Social security numbers, driver’s license numbers, and date of birth. While T-Mobile is continuing its investigation, screenshots of the stolen databases and servers accessed by the attackers indicate that the threat actors downloaded customer data during the cyberattack. It was learnt that the data stolen approximately two weeks ago contains customer data going back as far as 2004.
T-Mobile itself confirmed that threat actors hacked its servers in a recent cyber attack adding that investigations are still on to know the extent of exposure and ascertain whether customer data was stolen.
“We have been working around the clock to investigate claims being made that T-Mobile data may have been illegally accessed. We take the protection of our customers very seriously and we are conducting an extensive analysis alongside digital forensic experts to understand the validity of these claims, and we are coordinating with law enforcement,’’ T-Mobile was quoted as saying..
‘’We have determined that unauthorized access to some T-Mobile data occurred, however we have not yet determined that there is any personal customer data involved. We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed. This investigation will take some time but we are working with the highest degree of urgency. Until we have completed this assessment we cannot confirm the reported number of records affected or the validity of statements made by others,’’ it added.
Just as the news was rocking the cyber world, stakeholders in the sector have activated a threat response basically to address customers’ questions and concerns. After a security breach, the approach is to apply tact to limit the reputational damage and reduce recovery time as well as financial costs.
Of great concern is Customers’ apprehension about their personal data . T-Mobile, for instance, was confronted with reports that a threat actor was selling the alleged personal data for 100 million of its customers after hackers breached database servers operated by the mobile network. This significant breach becomes more bothersome as the hackers will have enough information and possibly go a step further to engage in SIM swapping attacks.
This can be easily done by hackers who will simply transfer a phone number to their own devices to receive password reset and multi-factor authentication requests that could allow them to breach other accounts belonging to a customer.
As things stand now, Threat Response mechanisms should be activated by all mobile networks. Hackers/threat actors have become so daring to purchase the data. Customers of mobile networks, particularly T-Mobile customers should operate under the assumption that their data are already exposed and take appropriate measures to curb the extent/level of exposure.
One of the ways to curb the menace is for customers to watch out for suspicious emails or SMS texts disguised as if they are authentic messages from their mobile networks. Customers should not be in a haste to click any links embedded in the sent messages as adept hackers can use them to harvest credentials and biometrics.
The second concern is cyber intelligence. This relates to how mobile networks stay one step ahead of hackers. Ondrej Krehel, a former CISO of IDT911 who now runs his own security company, LIFARS, believes there are specific issues regarding a data breach that keep mobile networks on their toes.
“When a breach happens, your main goal is to get rid of the enemy who has entered your network. Most companies have the cyber security tools and technology supposed to prevent a breach, but too many don’t have the cyber intelligence necessary to respond to the emergency,” Krehel said.
(Culled and rewritten)
One more important part is that if you are a senior citizen, travel insurance pertaining to pensioners is something you need to really look at. The more aged you are, the harder at risk you are for having something negative happen to you while in another country. If you are certainly not covered by some comprehensive insurance policies, you could have some serious complications. Thanks for expressing your ideas on this website.
Aw, this was a very nice post. In idea I wish to put in writing like this moreover ?taking time and precise effort to make an excellent article?but what can I say?I procrastinate alot and under no circumstances appear to get one thing done.
Have you ever considered publishing an ebook or guest authoring on other websites? I have a blog based on the same topics you discuss and would love to have you share some stories/information. I know my subscribers would enjoy your work. If you’re even remotely interested, feel free to send me an e mail.
contact me on seguntuase@gmail.com
Hey! Would you mind if I share your blog with my myspace group? There’s a lot of folks that I think would really appreciate your content. Please let me know. Thanks