Skip to content

Posts

T-Mobile & AT&T Breaches: Dataprise Defense Digest


By: Dataprise

Dataprise Defense Digest 550x550

Table of content

Executive Summary

Two of the biggest wireless carriers in the US have been breached, resulting in millions of records of customer information being stolen and sold on the dark web.
On August 16th, T-Mobile was hacked, and malicious actors got away with anywhere from 50 to 100 million records containing personal information like phone numbers, addresses, SSN’s, potential billing information, etc.

Allegedly, late this week, AT&T was also victim of a similar breach, exposing around 70 million records – at the time of this publication, AT&T had not confirmed this.

Impact

While these breaches may not directly impact an organization, the personal data obtained can be leveraged as a very effective social engineering tool. Malicious actors could use the data to easily impersonate someone (sending a text with your name/phone number) and to authenticate themselves by providing accurate personal information. Besides the latent threat of identity theft, the repercussions of how this data could be misused could be disastrous on both a personal and a corporate level. 

Detailed Analysis

At this point it’s not well known how the breaches took place, since forensic information has not been disclosed. It’s believed that malicious actors gained access by breaching associated vendors of the carrier companies, giving them access to multiple servers inside T-Mobile and AT&T’s networks, with more than enough time to download massive amounts of data. 

Indicators Of Compromise

Unknown at this point – if you are a client of either carrier, there’s a high likelihood that your data has been exposed. 

Mitigation Steps

At this point, T-Mobile is offering free identity theft protection; it will provide customers with two-year protection through McAfee. 

It’s also highly recommened that you:

  • Log in to your carrier’s website, change you PIN and password, and add MFA (Multi-Factor Authentication) if available.
  • Place a freeze on your credit by calling one of the credit bureaus.
  • Make friends, family, and colleagues aware of the breach to help create general awareness.

Sources

Contributing Authors

  • Stephen Jones, Senior Director Cybersecurity
  • Maximo Bredfeldt, vCISO

Featured Resources

25 July 2024
Dataprise Women in Technology: Meet Jess

Learn More

Corporate Culture
24 July 2024
Optimizing Your Azure Environment: A Guide to Achieving the Gold Standard

Learn More

Cloud
22 July 2024
Understanding the Microsoft CrowdStrike Outage: Key Insights

Learn More

Cybersecurity
View More

Recent Tweets

INSIGHTS

Want the latest IT insights?

Subscribe to our blog to learn about the latest IT trends and technology best practices.

At Dataprise, your privacy is important to us. We use the information you provide on our forms to address your inquiries and improve our services. We do not share your data with third parties without your consent, except as required by law.

For more information, please read our full Privacy Policy here.