T-Mobile tried to buy stolen customer data back, but failed
Date:
Wed, 13 Apr 2022 18:23:24 +0000
Description:
T-Mobile hired a security firm which bought stolen customer data back from cybercriminals following last year's data breach.
FULL STORY ======================================================================
After falling victim to a data breach last year, the US telecom T-Mobile
hired a third-party which tried to buy back the companys stolen data before
it could be widely distributed online.
As reported by Motherboard , the plan was ultimately unsuccessful as the cybercriminals responsible continued to sell the companys data on an online hacking forum despite being paid a total of $200k to delete their copy.
Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022 . Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/10.99.
The news outlet only recently learned that a third-party hired by T-Mobile tried to buy back the telecoms stolen customer data following the Department of Justice unsealing an indictment against Diogo Santos Coelho who is allegedly the administrator of the notorious hacking site RaidForums .
While Coelho was arrested in the UK back in March of this year, an affidavit regarding his extradition to the US contained new information on the T-Mobile data breach though the company was not named outright. Purchasing stolen data from cybercriminals
According to the affidavit, a RaidForums user going by the handle SubVirt
made the original post on the site offering to sell a stolen database containing the social security numbers, dates of birth, drivers licenses and other sensitive information of 124m T-Mobile customers.
An employee of the third-party hired by T-Mobile responded to the post and bought a sample of the data in the database for $50k in Bitcoin . After reviewing the sample, they then went on to purchase the entire database for around $150k on the condition that SubVirt would delete their copy of the data. This would limit T-Mobiles customer data from ending up in the hands of other cybercriminals that could use it to commit fraud, identity theft , phishing attacks and other cybercrimes. Read More
T-Mobile hacker slams company security as 'awful'
T-Mobile blocked from advertising 'most reliable' 5G
AT&T and T-Mobile secure more spectrum in $22bn US 5G auction
After being paid $200k for the database, SubVirt and the other hackers behind the breach continued to try and sell the companys stolen customer data on RaidForums. While the court documents dont name the third-party hired by T-Mobile, in a statement back in August, the companys CEO Mike Sievert explained that its investigation into the breach had been supported by world-class security experts Mandiant from the very beginning.
Paying cybercriminals is not out of the ordinary and it routinely occurs when organizations fall victim to ransomware attacks. Just like in this case though, cybercriminals may not keep up their end of the bargain which is why the FBI and other law enforcement agencies say to never pay a ransom . Avoid falling victim to fraud and other cybercrime with the best identity theft protection
Via Vice
======================================================================
Link to news story:
https://www.techradar.com/news/t-mobile-tried-to-buy-stolen-customer-data-back -but-failed/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)