• E-mail this page
• |  Print this page
• | 
• | 
• | 

Hackers Claim To Have Pwned US T-Mobile. As In: Everything.

It's not the kind of forum post an executive would like to see created about their company. It's not a leaked rumor about an upcoming product or service, or even a ranting upset customer. Nope. It's a group claiming to have controlled portions of your IT network for a long time. And they published what looks to be proof of the breach. T-Mobile is investigating.

This post hit the Full Disclosure security mailing list over the weekend:

Hello world,

The U.S. T-Mobile network predominately uses the GSM/GPRS/EDGE 1900 MHz frequency-band, making it the largest 1900 MHz network in the United States. Service is available in 98 of the 100 largest markets and 268 million potential customers.

Like Checkpoint Tmobile has been owned for some time. We have everything, their databases, confidental documents, scripts and programs from their servers, financial documents up to 2009.

We already contacted with their competitors and they didn't show interest in buying their data -probably because the mails got to the wrong people- so now we are offering them for the highest bidder.

Please only serious offers, don't waste our time.

If true, I wonder how much customer data has been compromised? I've a feeling that we'll find out soon enough, should the culprits not get what they're asking.

If they did get financial records, that could very well be a regulatory problem for T-Mobile, specifically with Sarbanes-Oxley compliance. But that may not be the biggest concern T-Mobile has at the moment.

To back up their claims, they published a list of servers that are purported to have been breached, including applicationIDs and IP addresses. The list includes a number of billing and collection systems.

Right now, it doesn't look good. But there's a chance the entire post is a hoax.

T-Mobile has issued a statement saying that it is investigating, and that the company would notify customers if there were any evidence that customer information was compromised.

This incident begs the question: is your company ready for such an incident? Well, as ready as one could be? How would your legal, HR, and incident response teams get engaged should this happen? What's the plan? How would you handle the preliminary customer calls and questions? Who in law enforcement would you contact?

The time to answer those questions is before something like this happens. Not cobbling together the response as it is happening.

« Some Linux Critiques By Way Of A Solaris Dissenter | Main | Computers Key To Air France Crash »