data breach Archives - IT Security Guru

T-Mobile data breach impacts over 40 million users – Security Experts Have Their Say

The Gurus — Fri, 20 Aug 2021 13:38:31 +0000

T-Mobile, one of the world’s largest telecommunications providers and mobile networks, admitted this week that over 40 million customers had been impacted by a data breach. With a reported 104 million T-Mobile customers, this latest breach has hit a significant number of the user base.

The company released a statement saying “a highly sophisticated cyberattack” was to blame for the exposure.

Of the information breached, social security numbers, names, phone numbers, and account pins were accessed.

The full statement, which can be found here, goes on the say that roughly 7.8 million current T-Mobile post-paid customers appear to be compromised.

T-Mobile has said it has identified the hackers entry point which has now been fixed and will be offering its customers two years of free identity protection services to ensure the protection of their personal information.

Commenting on the news and offering their insights are the following cybersecurity experts:

Trevor Morgan, Product Manager, comforte AG:

“The reported data breach affecting T-Mobile and T-Mobile customers could have significant repercussions across the board. While more details still need to be substantiated (and T-Mobile says they are actively investigating the incident), T-Mobile customers should do what they can to protect against any further compromise by locking down personal credit and other accounts and exercising hyper-vigilance in the days and weeks to come. For T-Mobile, the situation brings up privacy concerns and questions about the level of due diligence they’ve enacted to prevent hacks and data breaches—the outcome, depending on the facts, could include fines, legal action, and of course reputational damage.

The average enterprise, though, has an opportunity to learn from this. T-Mobile is an international company with ample resources at their disposal to prevent situations such as this, but the truth of the matter is that hacks and breaches are inevitable even for the most well-protected enterprise. Defensive methods such as protecting perimeters around data are not fool-proof, and a determined threat actor can always find ways to circumvent this type of data security. Better to investigate data-centric security that protects the data itself instead of the borders around it. Methods such as tokenization replace sensitive data elements with representational tokens, rendering any stolen data useless. Learning from the T-Mobile incident and determining how data-centric security could augment your security posture would definitely be a good call.”

Martin Jartelius, CSO, Outpost24:

“The data that is indicated by preliminary sources point to the kind of information useful in frauds where the identities of others is used. It is very hard for affected individuals to take action at this moment as the actual illegal use of the data wont target those individuals directly but rather be used in attempted frauds against third parties.

Without going into details it is quite unsettling that such large amounts of sensitive information has been both stored in such a manner it could get extracted without detection, as well as the fact those sets of data don’t seem to have been stored encrypted. However it is still too soon to make any certain statements, we can just hope T-Mobile are successful in their investigation and help concerned customers.”

Chris Sedgwick, Security Operations Director, Talion:

“Whilst nothing has been confirmed yet, the report that T-Mobile, a major telecom operator has suffered a major data breach, indicating that sensitive data of up to 100 million customers, including names, mobile numbers, addresses, financial details may be visible to unauthorised actors. This would be classified as sensitive data and could land T-Mobile a heavy GDPR fine. On a practical level, although it is believed no passwords were exposed, the type of data that has been breached such as drivers licence details and Social Security numbers holds significant value to criminals given that this information can be used to enumerate money from victims or to set up bank accounts/loans in their name using these details. Unlike passwords that can easily be changed, the details exposed in this alleged breach are harder to remediate.”

Christos Betsios, Cyber Operations Officer at Obrela Security Industries:

“T-Mobile has now confirmed that it has suffered a data breach, with 7.8 million current customers, and over 40 million former and prospective customers impacted. While it is positive news that no financial information appears to have been accessed, it doesn’t make this breach any less concerning.

According to the latest update from T-Mobile, customer names, dates of birth, phone numbers, ID information and account PINs were exposed. This kind of data is incredibly useful to hackers, as phone numbers and names can be used for phishing scams, while social security numbers, names, dates of birth, and driver’s license information can be leveraged for identity theft.

Affected customers should make use of the ID Theft Protection Service that T-Mobile is offering to customers, but should also work with credit monitoring services to ensure no credit applications are taken out in their names by attackers.

While there can be no denying that data breaches are commonplace today, you would hope a company as large as T-Mobile would learn from previous incidents to harden its systems and improve security. Reports have suggested the company has already been impacted by as many as six separate data breaches, this raises alarm bells and suggests the company’s security program has a number of flaws which need to be addressed.”

Sam Curry, Chief Security Officer, Cybereason:

“As T-Mobile continues an investigation into a recent data breach that has impacted more than 100 million customers, the only people who know the situation right now are on the inside at T-Mobile. I am looking forward to their continued transparency in the days ahead as the investigation continues. They haven’t played the victim card which is wise, and they can only be seen as the hero, never the victim.

This breach is a reminder that as consumers our personal information has been stolen many times over and sold on the DarkWeb. It appears that social security numbers, government ID numbers, drivers’ license information and other personal information is being made available for sale. However, what is most concerning is the availability of mobile phone identity numbers tied to each specific customer’s phone. With a blend of consumer data, criminals can more easily dupe consumers into opening phishing emails and phishing texts.

Data breaches, ransomware attacks and other malicious threats are not receding, only increasing in frequency and severity. We should all be on the lookout for the back-to-school scams and typical post summer resurgence of business that will only likely herald an uptick in attacks while whetting the appetites of cyber criminals to carry out more brazen attacks.”

The post T-Mobile data breach impacts over 40 million users – Security Experts Have Their Say appeared first on IT Security Guru.

Aadhaar Data Leak

The Gurus — Mon, 20 Nov 2017 16:20:28 +0000

More than 200 central and state Govt websites have leaked the personal user data of individuals using India’s National ID system.
Read Full Story
ORIGINAL SOURCE: IBTimes

The post Aadhaar Data Leak appeared first on IT Security Guru.

Personal data of millions of Malaysian citizens allegedly for Sale online

The Gurus — Fri, 20 Oct 2017 10:26:05 +0000

Personal data of millions of Malaysian citizens is apparently up for sale online- it could potentially be the biggest breach in the countries history.
View Full Story
ORIGINAL SOURCE: IBTimes

The post Personal data of millions of Malaysian citizens allegedly for Sale online appeared first on IT Security Guru.

Iran Responsible for Parliament Cyber-Attack

The Gurus — Tue, 17 Oct 2017 09:45:58 +0000

It has emerged that Iran was behind the cyber attack on the UK Parliament in June this year; the attack attempted to break account holders’ passwords. It is unclear as to why, or what hackers where after.
Read Full Story
ORIGINAL SOURCE: Information Security Magazine

The post Iran Responsible for Parliament Cyber-Attack appeared first on IT Security Guru.

Data Breach Costs Vary Significantly by Organization

The Gurus — Wed, 06 Sep 2017 09:39:05 +0000

In reality, data breach costs can vary substantially by organization and some of those costs may not even become apparent for several years, analyst firm Forrester Research cautioned in a report released this week. So, when building a business case for investments in data security and operational security, it is better to develop tailored breach estimates instead, Forrester said.
View Full Story
ORIGINAL SOURCE: Dark Reading

The post Data Breach Costs Vary Significantly by Organization appeared first on IT Security Guru.

Fujitsu's Australian cloud suffers storage crash, outage

The Gurus — Mon, 21 Aug 2017 09:39:49 +0000

Fujitsu Australia has confirmed that its data centre in the Australian suburb of Homebush has experienced an outage.“A storage array in Fujitsu’s Homebush data centre became unavailable at 9.24PM on Saturday night and has affected services to customers,” a spokesperson told The Register. “We are treating this matter as a major incident and we have activated our internal crisis management processes.”
Read Full Story
ORIGINAL SOURCE: The Register

The post Fujitsu's Australian cloud suffers storage crash, outage appeared first on IT Security Guru.

TalkTalk fined £100k for exposing personal sensitive info

The Gurus — Fri, 11 Aug 2017 09:00:00 +0000

Blighty’s Information Commissioner’s Office has whacked TalkTalk with a £100,000 fine after the data of the records of 21,000 people were exposed to fraudsters in an Indian call centre. The breach came to light in September 2014 when TalkTalk started getting complaints from customers that they were receiving scam calls. Typically, the scammers pretended they were providing support for technical problems. They quoted customers’ addresses and TalkTalk account numbers.
View Full Story
ORIGINAL SOURCE: The Register

The post TalkTalk fined £100k for exposing personal sensitive info appeared first on IT Security Guru.

A ghost story – The haunting presence of an ex-employee

The Gurus — Wed, 09 Aug 2017 09:42:33 +0000

From recruiting the most talented employees, to ensuring accounts are in order and providing staff with the latest technological innovations, businesses across the globe work tirelessly every day to strive for success. Lurking behind every policy, best practice and guideline, however, is a world that often gets neglected. What happens when someone leaves the company? Of course, in an ideal world, businesses recruit a capable replacement, tie up any loose ends on a project they were previously working on, and of course, throw a leaving party to ensure both the employee and business can part ways on the best of terms. Sadly, we do not live in an ideal world and, on occasion, an employee’s departure isn’t quite so clean cut and can cause issues months after they have left the company. This begs the question, are organisations doing everything in their power to make sure a soon-to-be ex (employee) does not walk out the door with access to everything the business holds dear?
Former employees are not always your friends
We have all seen the hugely damaging actions that former employees can inflict upon businesses. One such example is a huge data breach experienced by OFCOM^[1], when they discovered that a former employee had downloaded and shared over six years’ worth of data with their new employer, which happened to be a major broadcaster. Luckily for OFCOM, the broadcaster in question chose not to exploit the data and alerted OFCOM to the stolen information. Shockingly, the latest research from OneLogin shows that despite the threat of former employees, more than half (58 per cent) still have access to the corporate network once they have left an organisation and almost a quarter of businesses (24 per cent) experience data breaches due to the action of ex-employees. The OFCOM data breach could have been catastrophic if it had have been used by a competitor, not to mention the potential damage to brand reputation. Similarly, businesses must also consider that when the European Union’s General Data Protection Regulation (GDPR) comes into effect in 2018, UK firms could face a penalty of up to 2% of their annual worldwide revenue, or €10 million, whichever is higher^[2], enough to leave an organisation with financial difficulties. Of course, there are scenarios where organisations have not been as lucky as OFCOM.
In fact, Marriott Hotels experienced the full force of a disgruntled former employee in 2016. According to court documents^[3], a former Marriott employee was fired from the company in August 2016, and was told not to access the company’s internal systems. However, despite this warning, the former employee accessed Marriott’s reservation system from the comfort of their home, slashing room rates down from $159-$499 to $12-$59. This particular breach cost Marriott $50,000. Mariott, however, isn’t the only organisation to have left themselves open to disgruntled ex-employees. In fact, 28 per cent of former employee’s accounts remain active for longer than a month.
HR & IT must collaborate and take accountability
A former employees’ word is not enough. HR and IT must work together to avoid situations such as this and it doesn’t have to be difficult or time intensive. Automated processes can be used to deprovision all access to corporate accounts within minutes of an employee’s contract being terminated to protect valuable corporate data. There are tools available to ensure that once an employee has logged off for the final time they are locked out from that moment onwards. OneLogin’s research revealed that only half of UK businesses use automated de-provisioning technology to ensure this happens. In addition, 45 per cent of businesses don’t use a Security and Information Manager (SIEM) to check for application use by former employees, leaving vital corporate data exposed to potential leaks. Businesses revoke a former employees’ means of physically getting into the office, so it is essential that their digital access is also revoked on departure.
Stick to the solution
It is crucial that businesses wake up and acknowledge that former employees exploiting corporate access is a problem and yes, it could happen to any company. It is clearly not enough to rely on the goodwill of ex-employees, however trustworthy they may appear to be. With so much at stake, are organisations really willing to leave the key to the business’ most precious assets in their hands? Quite frankly, there is no reason to.
Some employees leaving an organisation don’t have many loyalties to their previous employer, no matter how amicable their departure was, meaning security risks are highly likely. Therefore, it is imperative that deprovisioning employees’ corporate access on their last day is an absolute priority. Companies need to use the right tools to ensure this happens. These include:

Automated syncing of HR directories such as Workday, UltiPro, and Namely, which are the source of truth for employee status, and IT directories such as Active Directory and LDAP, which often control access to applications.
Automated deprovisioning of employees from applications that have an application programming interface (API) for user management. Most “birthright” applications that are widely used in companies, such as Office365 and G Suite, have these APIs.
Automatic checklist generation for IT admins, to ensure that they manually deprovision all ex-employees from all apps. Most applications don’t yet have an automated deprovisioning API and require manual intervention from IT.
Application access events sent to SIEM systems, to double-check that no ex-employees are accessing applications.

IT and HR can work collaboratively to fully deprovision all employees. If these steps are carried out correctly, a business can be safe in the knowledge that precautionary measures have been taken to protect confidential data from a departing employee.

Alvaro Hoyos, CISO at OneLogin

The post A ghost story – The haunting presence of an ex-employee appeared first on IT Security Guru.

Five years later: Have you changed your LinkedIn password yet?

The Gurus — Mon, 24 Jul 2017 09:47:01 +0000

The fallout of data breaches has long lasting effects – as we’ve seen from the continued impact of the 2012 data breach at LinkedIn. Although the attack happened five years ago, the ripple effects continue to this day. Recent reports of credentials stolen from U.K. officials are a good demonstration of this.
Email addresses and passwords of MPs, parliamentary staff, diplomats and senior police officers were sold, bartered and then made available for free on Russian-speaking hacking forums. In total, over 9,000 stolen credentials were publicly released – with the most common passwords associated with the stolen police emails being “police,” “password,” and “police1.” Sources report that a majority of these passwords came from previous data breaches, such as the LinkedIn hack.
This is yet another example of the “domino effect” that breaches can have across multiple Internet services – and it shows that people still aren’t learning their basic security lessons. We’re still seeing hackers use credentials stolen from one breach to carry out additional cyberattacks on other Internet services where those credentials were reused.
Poor password hygiene practices like these are a struggle for individuals and organisations alike. When analysing the results of last year’s annual Market Pulse survey, SailPoint found that 65 percent of the respondents surveyed admitted to using one single password for multiple applications, while 33 per cent stated they share passwords with coworkers! These risky practices leave businesses vulnerable to cyberattacks.
Ensuring that employees maintain strong password hygiene across all on premise and cloud applications is a significant challenge in a corporate environment. It is complicated even further by the constant change in employee roles and responsibilities, requiring their application access profiles to change continually. This is just one of the reasons why so many enterprises are increasingly turning to identity governance – to enable and enforce good password management policies and behaviors across the company while simultaneously ensuring the appropriate level of user access is maintained at all times.
Throughout my career as an IT leader, I’ve seen firsthand the benefits of putting an identity governance solution in place and how it can transform key aspects of an organisation’s security posture. Identity governance does require investment and commitment by an organisation, along with ongoing education on the critical importance of identity and security best practices. However, in exchange for that commitment, you will benefit from one of the most effective, time-tested methods of ensuring user access security across the board – protecting your applications and your data and stopping the ‘domino effect’ in its tracks.
By Kevin Hansel, CIO at SailPoint

The post Five years later: Have you changed your LinkedIn password yet? appeared first on IT Security Guru.

Largest cryptocurrency exchange hacked. Over $1 million worth of Bitcoin stolen

The Gurus — Thu, 06 Jul 2017 10:08:51 +0000

Bithumb, one of the world’s largest Bitcoin and Ether cryptocurrency exchanges, has been breached resulting in the loss of more than $1 Million in cryptocurrencies after a number of its user accounts were compromised. We reached out to some of the world’s leading cybersecurity experts for their thoughts on this latest hack.
Ben Herzberg, research group manager at Imperva, said “The last few weeks have been dramatic for cryptocurrency and its traders, when the market volatility gave opportunity to both honest investors and criminals alike. This is due to the surges in demand for Bitcoin (bringing it to over 2.7K USD, which has now stabilised over the last couple of days at around 2.5K USD) and other cryptocurrencies like Ethereum which spiked from “almost 0” to 400$ in a very short while, now at around 270$.
“Attackers can make a lot of money when attacking crypto exchanges due to factors such as the anonymity of the cryptocurrencies, hence the ability to “get rid” of the stolen goods with limited risk, and also by speculating on market prices (especially in specific exchanges or markets) and causing dramatic changes. In many cases this is done by Denial of Service attacks, which are hugely popular against cryptocurrency exchanges.
“In this case, according to Bithumb, the breach itself was of data stored outside of the company’s assets on a personal computer. This also brings up the question of data security in organisations, and the ability for employees to take sensitive information with them when they’re working out of the office. Part of this is due to the rapidly changing work environment, where employees get more remote access to company resources which poses a challenge to IT security departments.”
David Kennerley, director of threat research at Webroot, added “The news of this Bithumb hack highlights the fact that employees can still be an organisation’s weakest link with regards to security. The fact that access appears to have been initiated by initially compromising an employee’s personal PC is a very worrying development – highlighting huge failings on so many levels, from an employee education and training standpoint, all the way to administrative and technical controls, to monitoring and enforcement.
“Such cases emphasise the need for businesses to have clearly defined security policies and procedures round the use of personal devices for work purposes and the re-use of passwords – employees should not be using their work passwords for personal use. While businesses should consider investing in technical security layers, from threat intelligence solutions, to two factor authentication – which would surely have helped in this case. Understanding why this hack is only coming to light now will be one of the first questions customers will wish to have answered very quickly – as this breach is reported to have occurred in February of this year.”
Pete Banham, cyber resilience expert at Mimecast, concluded “This cryptocurrency heist is a prime example of why firms need to think about the sensitive information employees have access to in a remote working world. Assume home PCs are or will be compromised when designing your data protection strategy.
“Ongoing security training needs to be balanced with effective data loss prevention techniques that can identify sensitive data leaving an organisation.
“Managing secure remote access to data is challenging, but requires careful consideration with regards to your risk appetite.”

The post Largest cryptocurrency exchange hacked. Over $1 million worth of Bitcoin stolen appeared first on IT Security Guru.