One of the recent data breach of the T-Mobile has resulted on compromising personal information of more than 1 million customers (Coldewey, 2019). T-Mobile has confirmed that the data that was being compromised is the name, billing address, phone numbers, account numbers, and rate plans of the customers. Customers financial and password data was not being compromised.
T-Mobile has explained that the attacker had gained an unauthorized access to their email vendor which allowed them access to the T-Mobile network (Wagner, 2020). For the customer which data was being compromised, T-Mobile had sent an text message to their phone to inform the user regarding the incident. Data of the customers that were affected, T-Mobile has offred them an credit monitoring for an limited time.
References:
Coldewey, D. 2019. More than 1 million T-Mobile customers exposed by breach. Retrieved from: https://techcrunch.com/2019/11/22/more-than-1-million-t-mobile-customers-exposed-by-breach/#:~:text=T%2DMobile%20has%20confirmed%20a,exposed%20to%20a%20malicious%20actor.
Wager, A. 2020. T-Mobile reveals data breach, customer account info accessed. Retrieved from: https://www.tmonews.com/2020/03/t-mobile-reveals-data-breach-customer-account-info-accessed/
This just goes to show you that you don’t have to be a super sophisticated hacker to compromise a company. Social engineering, and the ability to write a legitimate sounding email is all you need to gain entry. Albeit, you still have to include a malicious payload in the email, but that is as easy as going on git hub and doing a little research. Kali has a program called SET (social engineering toolkit), that will construct malicious emails for you. Honestly, I wonder how many data breaches were spawned by 1 untrained employee falling for a malicious email.