fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

T-Mobile Discloses Data Breach After SIM Swapping Attacks

T-Mobile Discloses Data Breach After SIM Swapping Attacks

American telecommunications provider T-Mobile has disclosed a data breach after an unknown number of customers were apparently affected by SIM swap attacks.

SIM swap fraud (or SIM hijacking) allows scammers to take control of targets’ phone numbers after porting them using social engineering or after bribing mobile operator employees to a SIM controlled by the fraudsters.

Subsequently, they receive the victims’ messages and calls which allows for easily bypassing SMS-based multi-factor authentication (MFA), stealing user credentials, as well taking over the victims’ online service accounts.

The criminals can then log into the victims’ bank accounts to steal money, change account passwords, and even locking the victims out of their own accounts.

The FBI shared guidance on how to defend against SIM swapping following an increase in the number of SIM hijacking attacks targeting cryptocurrency adopters and investors.

Also Read: Data Protection Officer Duties And Responsibilities

Undisclosed number of SIM swap attacks

In a data breach notice sent to impacted customers on February 9, 2021, and filed with US attorney generals’ offices, T-Mobile revealed that an unknown attacker gained access to customers’ account information, including personal info and personal identification numbers (PINs).

As the attackers were able to port numbers, it is not clear if they gained access to an employee’s account or did it through the compromised users’ accounts.

A T-Mobile spokesperson was not available for comment when contacted by BleepingComputer earlier today.

“[A]n unknown actor gained access to certain account information. It appears the actor may then have used this information to port your line to a different carrier without your authorization,” T-Mobile said.

“T-Mobile identified this activity—terminated the unauthorized access, and implemented measures to protect against reoccurrence.”

The information accessed by the hackers might have included customers’ full names, addresses, email addresses, account numbers, social security numbers (SSNs), account personal identification numbers (PIN), account security questions and answers, date of birth, plan information, and the number of lines subscribed to their accounts.

“T-Mobile quickly identified and terminated the unauthorized activity; however we do recommend that you change your customer account PIN,” the company also said.

Impacted T-Mobile customers are advised to change their account’s password, PIN, as well as their security questions and answers.

T-Mobile is offering two years of free credit monitoring and identity theft detection services through Transunion’s myTrueIdentity.

Fifth data breach in four years

This is the fifth data breach disclosed by T-Mobile during the last four years, all of them being reported after hackers gained access to customers’ data.

T-Mobile previously suffered from breaches in 2018 when millions of customers’ info was accessed by hackers and in 2019 after exposing prepaid customers’ data.

Last year, the company disclosed two more breaches, one of them in March 2020, when attackers gained access to customer and employee data.

In December 2020, T-Mobile’s suffered another data breach after unknown threat actors again accessed customers’ phone numbers and call records.


Update February 27, 02:44 EST: The attackers used an internal T-Mobile application to target up to 400 customers in SIM swap attack attempts, BleepingComputer has learned. No T-Mobile for Business customers were impacted during this incident.

Also Read: 8 Simple Ways To Improve Your Website Protection

BleepingComputer knows of at least one T-Mobile customer impacted by a SIM hijacking attack during the last month.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us