Outcome 1 - Explain the causes and effects of data security breaches. - Week 2

Outcome 1 - Data breach

Recent reported data breach

Large-scale cyber security breaches often make the headlines but about 70% of organisations are keeping their worse security incidents hidden from the public.

One of recent data breach made public in August 2021 was T-Mobile

T-Mobile was hacked back in August 2021 by a 21-year-old hacker by the name of John Binns,

According to the Wall Street Journal, he had been searching for gaps in T-Mobile’s defenses through its internet addresses and gained access to the T-Mobile network through an unprotected router in July and that lead to a data center near East Wenatchee, Washington, where he could explore more than 100 of the company’s servers. From there, it took about one week to gain access to the servers that contained the personal data of millions. By August 4, he had stolen millions of files.

T-Mobile never respond to requests for comment but released a statement later that confirming that the names, dates of birth, SSNs, driver’s licenses, phone numbers, as well as IMEI and IMSI information for about 7.8 million customers had been stolen in the breach.

Another 40 million former or prospective customers had their names, dates of birth, SSNs and driver’s licenses leaked. More than 5 million “current postpaid customer accounts” also had information like names, addresses, date of births, phone numbers, IMEIs and IMSIs illegally accessed.

From what’s been told by the hacker, this could be prevented by using more modern equipment and better security measures.

The lawsuit against T-Mobile

T-Mobile has agreed to a settlement totaling $500 million in a class-action lawsuit filed by customers after the company disclosed in August 2021 that sensitive data had been breached in a cyberattack.

In a court, the mobile phone giant said it would pay $350 million to settle the customers’ claims and spend $150 million over the next few years bolstering its cybersecurity protection and technologies.

The breach affected 76.6 million people in the United States, according to the company. It exposed highly sensitive data, including customers’ first and last names, Social Security numbers and driver’s license information.