Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Security Communications Privacy United States IT

T-Mobile Data Breach Exposed Phone Numbers, Call Records (bleepingcomputer.com) 14

T-Mobile has announced a data breach exposing customers' proprietary network information (CPNI), including phone numbers and call records. From a report: Starting this week, T-Mobile began texting customers that a "security incident" exposed their account's information. According to T-Mobile, its security team recently discovered "malicious, unauthorized access" to their systems. After bringing in a cybersecurity firm to perform an investigation, T-Mobile found that threat actors gained access to the telecommunications information generated by customers, known as CPNI. The information exposed in this breach includes phone numbers, call records, and the number of lines on an account.
This discussion has been archived. No new comments can be posted.

T-Mobile Data Breach Exposed Phone Numbers, Call Records

Comments Filter:
  • To a random cop or two-bit marketing sleazebag, having access to that much cell network information would be considered a degraded service situation.

  • by organgtool ( 966989 ) on Thursday December 31, 2020 @04:36PM (#60883348)
    They were breached in 2018 and again in 2019, and they almost went through 2020 without a hack, but alas "almost" only counts in horse shoes, hand grenades, and data security.
  • Remember the phone book? If only we could go back in time.

  • "T-Mobile states that the data breach did not expose account holders' names, physical addresses, email addresses, financial data, credit card information, social security numbers, tax IDs, passwords, or PINs."

    Why is T-Mobile permitted to keep social security numbers or tax IDs? Once a credit check is done those numbers are no longer needed. They should be deleted as if they never had them.

    • They didn't say that they retain the information forever, they said that the information was not exposed.

      What if was a breach of new users? It isn't true that once the credit check is done the information isn't needed; they might need to be able to audit the credit check process, and review the information on new users. So it might need to be retained somewhere for a few weeks.

      They're a big company, whose business involves a lot of fraud protection for themselves, and cooperation with law enforcement. They

  • by dgatwood ( 11270 ) on Thursday December 31, 2020 @11:18PM (#60884066) Homepage Journal

    Suddenly glad I use Sprint.

    Wait.

    Crap.

Think of it! With VLSI we can pack 100 ENIACs in 1 sq. cm.!

Working...