back to article Hackers clock personal deets on 'two million' T-Mobile US subscribers

T-Mobile US systems were hacked this week, the cellular giant confirmed in a brief note on its website this week. The break-in was spotted on August 20 by the firm's cyber-security team, it said, and the miscreants booted out same day. "Out of an abundance of caution, we wanted to let you know about an incident that we …

  1. Doctor Syntax Silver badge

    "EE, which absorbed T-Mo's UK operations, confirmed to El Reg that no Brits were affected."

    How do they know? Have they gone through all 2 million and checked that they don't have UK nationality or that none of them have UK residency as well have having a US subscription?

    1. Anonymous Coward
      Anonymous Coward

      'How do they know?'

      Drip feed, Drip feed and yet more Drip feed... They don't know! Even if they had the best forensic security team in already they couldn't know 100%. But drip feeding is the name of the game.

      If Cali pass their own GDPR law, I hope there's a rule that says, revised breach numbers incur double the penalty. Otherwise firms will simply lie and downplay the degree of the damage. Then continue to drip feed subsequent numbers, until the story is no longer newsworthy. Then <BAM> Real numbers, horrific breach!

      1. Mark 85 Silver badge

        Re: 'How do they know?'

        If Cali pass their own GDPR law, I hope there's a rule that says, revised breach numbers incur double the penalty.

        All that will do is stop companies from revising the numbers. If it's going to cost them money, they won't do it.

  2. Woodnag

    none of the customers' financial data were lifted?

    "However, you should know that some of your personal information may have been exposed, which may have included one or more of the following: name, billing zip code, phone number, email address, account number and account type (prepaid or postpaid)."

    Sounds like financial data to me.

  3. GnuTzu

    "Breach exposed details..." -- Now at Epidemic Proportions

    Time to call it. Headlines starting with these words are now way too common. I would even go as far to say breaches are now as common as breeches (admittedly hyperbole).

    So, ummmm..., is it now officially time for industry to wake up? I'd say it's past time, but who's going to make it official, and what are they going to do about it--make it easier to sue for damages? Seems hopeless doesn't it? At what point will the damages be so great that the market and society will experience--[insert list of horrific catastrophic calamities here]?

  4. Kev99 Silver badge

    Hey, Boss. Let's store our customers' most sensitive information on the cloud. You know, the internet. All it will cost is a decent modem we can buy at WalMart. Best of all, everything else will be free. Yea, the net is safe. What's that? A net is a bunch of holes held together with string? Nah, the cloud is safe. Huh? A cloud is just a bunch a holes held together by vapor? You worry too much. It's safe, Boss.

    1. Yoghæmmer

      you inverted the actors there...

      should be:

      Boss to techies:

      Techies: ... bad idea....

      Boss: problem, we will do it anyway...

    2. AllTheShizzle

      That's Not How It Works

      This has nothing to do with the 'Cloud'. All these details have to technically available over the Internet, they can't be isolated. Otherwise you can't manage your mobile, or any other service, account. Whether a server is a cloud VM vs on T-Mobile's property is not even mentioned, or really relevant in this context. There was an API that seems to have been public, or somehow not secured.

      With respect, these kind of superficial, idiotic populist comments add nothing to the discussion. I kind of get the sentiment, but it's misdirected and I don't see the point in your post.

  5. gnarlymarley

    Now is the time for the loads of fake IDs to head into the stores and have them get new sims. Yeah, maybe no financial data or social security numbers were nicked, but names and other data that would be used in the fake ID scams would have been.

    1. Kevin Fairhurst

      Ah what's the problem with that? Okay so my bank uses my mobile phone for 2FA, and this means that the crims can take over my mobile number, and therefore intercept the 2FA messages from my bank, meaning they can take over my bank account too. But what's the big deal, right?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022