Data Breach: Hackers’ Delight, Mobile Networks’ Nightmare, Customers’ Agony

By Segun Fatuase


The exposure of secure or private/confidential information to an untrusted environment is data breach. This cyber security incident, wherever it happens, makes public confidential information/data thereby giving  the network provider a reputational damage and exposing the owner of data to blackmail and untold danger by disreputable characters.

Our local mobile networks including MTN, AIRTEL, 9MOBILE and GLO need to pay due attention to this nagging problem which can cause reputational damage and erode the confidence of their numerous customers whose biometrics and other personal details are in their (mobile networks’) care.

The hacking of the servers of  T-Mobile network  by threat actors few days ago and the attendant cost in money and reputation further heightens the fear that this global problem may be on the rise with much devastating effect in a developing country like Nigeria where cyber intelligence is not as advanced.

 T-Mobile has suffered six data breaches in the past four years. In 2018, millions of T-Mobile customers’ info was accessed by hackers. In 2019, T-Mobile prepaid customers’ data was exposed. In March 2020, hackers gained access to T-Mobile employee’s email accounts. In December 2020, hackers gained access to the customer proprietary network information (CPNI).

In February 2021, threat actors gained access to an internal T-Mobile application to target up to 400 customers in SIM swap attack attempts. 

The databases stolen during the recent  attack were said to contain the data for approximately 100 million T-Mobile customers, including IMSI numbers, IMEI numbers, phone numbers, customer names, security PINs, Social  security numbers, driver’s license numbers, and date of birth. While T-Mobile is continuing its investigation, screenshots of the stolen databases and servers accessed by the attackers indicate that the threat actors downloaded customer data during the cyberattack. It was learnt that the data stolen approximately two weeks ago contains customer data going back as far as 2004.

T-Mobile itself confirmed that threat actors hacked its servers in a recent cyber attack  adding that investigations are still on to know the extent of exposure and ascertain whether customer data was stolen.

“We have been working around the clock to investigate claims being made that T-Mobile data may have been illegally accessed. We take the protection of our customers very seriously and we are conducting an extensive analysis alongside digital forensic experts to understand the validity of these claims, and we are coordinating with law enforcement,’’ T-Mobile was quoted as saying..

‘’We have determined that unauthorized access to some T-Mobile data occurred, however we have not yet determined that there is any personal customer data involved. We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed. This investigation will take some time but we are working with the highest degree of urgency. Until we have completed this assessment we cannot confirm the reported number of records affected or the validity of statements made by others,’’ it added.

Just as the news was rocking the cyber world, stakeholders in the sector have activated a threat response basically to address  customers’ questions and concerns. After a security breach, the approach is to apply tact to limit the reputational  damage  and reduce  recovery time as well as  financial  costs.

Of great concern is Customers’ apprehension about their personal data . T-Mobile, for instance, was confronted with reports that a threat actor was selling the alleged personal data for 100 million of its  customers after hackers breached database servers operated by the mobile network. This significant breach becomes more  bothersome as the hackers will have enough information and  possibly go a step further  to engage in  SIM swapping attacks.

This can be easily done by hackers who will simply transfer a phone number to their own devices to receive password reset and multi-factor authentication requests that could allow them to breach other accounts belonging to a customer.

As things stand now, Threat Response mechanisms  should be activated by all mobile networks. Hackers/threat actors  have become so daring to purchase the data. Customers of mobile networks, particularly T-Mobile customers should operate under the assumption that their data are already exposed and take appropriate measures to curb the extent/level of exposure.

One of the ways to curb the menace is for customers to watch out for suspicious emails or SMS texts disguised as if they are authentic messages from their mobile networks.  Customers should not be in a haste to  click any links embedded in the sent  messages as adept  hackers can  use them to harvest credentials and biometrics.  

The second concern is cyber intelligence. This relates to how mobile networks stay one step ahead of hackers. Ondrej Krehel, a former CISO of IDT911 who now runs his own security company, LIFARS, believes there are specific issues regarding a data breach that keep mobile networks on their toes.  

“When a breach happens, your main goal is to get rid of the enemy who has entered your network. Most companies have the cyber security tools and technology supposed to prevent a breach, but too many don’t have the cyber intelligence necessary to respond to the emergency,” Krehel said.



(Culled and rewritten)