As safe as you might feel sitting at your laptop, happily typing and posting and scrolling, we all know the truth: the internet is actually a giant hellscape full of spies, criminals, ransomware, and all kinds of other dangerous shit.
Earlier this week, T-Mobile confirmed news and reports that the company had been hacked and experienced a wide customer data breach. And while the company’s findings show not all 100+ million customers are affected, it’s still bad news, and the details are going from bad to worse.
After confirming over 40 million customers’ user data was compromised, on Friday, the mobile carrier reported that hackers illegally accessed customer names, dates of birth, phone numbers, social security numbers, addresses, and even IMEI numbers for customer devices. This includes current, former, and potential customers, as well as postpaid users.
T-Mobile also said it had identified an additional 667,000 accounts of former customers that were accessed. This is bad news as hackers can easily use that info for identity theft, SIM swapping attacks to intercept secure two-factor logins, and other harmful activities.
So far, the number of affected customers is over 50 million. In a press release, the company said it’s taking immediate steps to help protect affected customers and is coordinating with law enforcement.
“We take our customers’ protection very seriously and we will continue to work around the clock on this forensic investigation to ensure we are taking care of our customers in light of this malicious attack,” said the company. “While our investigation is ongoing, we wanted to share these initial findings even as we may learn additional facts through our investigation that cause the details above to change or evolve.”
The company has now opened a dedicated webpage full of information for customers. Here, T-Mobile users can find information on how to change their PIN or passwords or sign up for a complimentary 2-years of McAfee ID Theft Protection services. T-Mobile recommends postpaid customers change their PIN and have already alerted many users or reset it themselves.
As part of its ongoing data breach investigation, T-Mobile has confirmed the enormity of the stolen information. Roughly 47.8 million current and former or prospective customers have been affected by the cyberattack on its systems, the carrier confirmed on Wednesday. Of that number, about 7.8 million are current T-Mobile postpaid accounts and the rest are prior or potential users who had applied for credit, the company added in a press release.
Worryingly, the data includes some personal information including the first and last names, date of birth, SSN, and driver’s license/ID information for a “subset of customers.” So far, T-Mobile said it does not have any indication that the stolen files contain phone numbers, account numbers, passwords or financial information.
What’s more, the company said about 850,000 active T-Mobile prepaid customers also had their names, phone numbers and account PINs exposed. The affected users do not include Metro by T-Mobile, former Sprint prepaid, or Boost users and T-Mobile said it has reset the PINs on these accounts. In addition, it claimed that “some additional information” from inactive prepaid accounts was accessed through prepaid billing files.
The findings from the carrier’s preliminary analysis come just days after it was notified of a data breach. Initially, it was reported that a member of an underground forum claimed to have obtained the data for over 100 million T-Mobile customers. The culprit was reportedly selling information of about 30 million T-Mobile customers for about $270,000 in Bitcoin.
As part of its compensation and mitigation efforts, T-Mobile is offering affected customers two years of McAfee’s ID Theft Protection Service; recommending all postpaid users change their PIN; and setting up an online resource page. T-Mobile said that it began coordination with law enforcement on Tuesday as its investigation into the data breach — the third such attack it has suffered in the past two years — continues.
Following reports of a , T-Mobile has confirmed it’s investigating a cybersecurity incident. In an , the company said someone gained unauthorized access to its computer systems, but that it has yet to determine if any customer data was stolen.
“We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed,” the carrier said.
When Motherboard first broke the news of the data breach on Sunday, the information of about 30 million T-Mobile customers was on sale on the dark web for about $270,000 in Bitcoin. A hacker told the outlet they had obtained social security and IMEI numbers connected to more than 100 million people. As of the , T-Mobile had 104.7 million subscribers. The carrier said it could not “confirm the reported number of records affected or the validity of statements made by others” until it completes its investigation. Once it knows more about the situation, T-Mobile promises to proactively contact customers.
No matter what version of Windows you are running, you need to update NOW. If you are truly paranoid, shutdown your Print Spooler service, and set it to Manual start. You’ll need to start it to print to a network printer, but you will protect your system and network from this serious threat. Check out the article from Digital Trends below.
To Our Customers: If your servers are managed by Proactive Computing, they are already protected from the PrintNightmare threat. But please follow the instructions below to update your Windows PCs and Laptops today.
Is it any wonder Microsoft is rumored to be launching Windows 11, with the Microsoft Vulnerabilities Report showing the largest uptick since the inception of the report? Who could blame Microsoft for wanting to dump Windows 10 and start all over with Windows 11? Microsoft Vulnerabilities Report News of vulnerabilities never seems to make users feel at ease. And while we’ve heard much about the Windows vulnerabilities, we tend to think all operating systems have vulnerabilities – and they do! But some have more – many more – than others. The 2021 Microsoft Vulnerabilities Report… Read more
Whether there is a ransom or not, data breaches always have financial implications. Organizations may face regulatory penalties, operational losses, and reputational damage. Careful planning can save you time and money.
McDonald’s is now one of the latest companies to have suffered a third-party data breach. The company says it is not dealing with ransomware, but that the breach did include store information from the US and some customer information in both Taiwan and South Korea.