![]() ![]() Since customers know there was a recent security incident, they may not think twice before engaging with an individual who claims they can help. “The attacker can pretend to be T-Mobile support over voice or text in order to get customers to share their login credentials. “An area code is all an attacker needs to carry out a socially engineered mobile phishing attack,” he said. While the attackers weren’t able to collect any highly sensitive personal data, there is still risk posed to those whose phone numbers were stolen in the breach, Hank Schless, senior manager for security solutions at Lookout, told Threatpost. ![]() T-Mobile said it is investigating the incident with help from law enforcement and a security firm, and it told outlets that 0.2 percent of customers (around 200,000 people) were affected. ![]() The good news is that the data accessed did not include names on the account, physical or email addresses, financial data, credit-card information, Social Security numbers, tax ID, passwords or PINs, the wireless company said in the notice. T-Mobile said that the thieves in this case lifted phone numbers, number of lines subscribed to on accounts, “and, in some cases, call-related information.” Specifically, that data consisted of customer proprietary network information (CPNI) – a data set that the FCC calls “some of the most sensitive personal information that carriers and providers have about their customers.”ĬPNI includes records of which phone numbers users called the frequency, duration, and timing of such calls and any services purchased by the consumer, such as call waiting. The wireless carrier disclosed the breach last week via its website, saying that it detected and shut down “malicious, unauthorized access to some information” related to T-Mobile accounts. T-Mobile USA has reported a data breach – its fourth in three years. ![]()
0 Comments
Leave a Reply. |