[Security Weekly] Data Breach at T-Mobile Compromises Customer Phone Numbers and Call Records

1st Week of January 2021


1. Data breach at T-Mobile compromises customer phone numbers and call records

T-Mobile, one of the big-three telecommunications service providers in the US, suffered a cyberattack back in December, compromising customer proprietary network information (CPNI). This is the second data breach the company suffered in 2020.

On December 29, T-Mobile sent out a data breach notification via a text message to its customers, disclosing that malicious hackers gained unauthorized access to its IT system. The leaked data contained its customers’ phone numbers, call records (i.e. destination numbers and call durations), and the number of lines associated with each account.

T-Mobile said that the data breach affected less than 0.2% of its customers. Yet, given its customer base of 100 million, this means that up to 200,000 people fell victim to the attack. Fortunately, the names of the victims were not part of the leaked data. Nevertheless, experts advise the victims to watch out for potential phishing attacks.

Sources: TechCrunch, The Verge


2. Italian telecom operator Ho. Mobile suffers data breach affecting 2.5 million users

Ho. Mobile, an Italian mobile network operator owned by Vodafone, released a statement on January 5 disclosing a serious data breach that compromised highly sensitive personal information of over 2.5 million users.

In December, hackers gained access to Ho. Mobile’s internal IT system and exfiltrated its customer database. They later posted the database on the dark web on December 22. The company was only made aware of it on December 28. By that time, it was believed that at least one buyer had purchased the database.

The database contained the personal data of 2.5 million customers, including their full names, dates of birth, social security numbers, home and email addresses, phone numbers, nationality, as well as detailed technical information about their SIM cards. Such information makes it easy for anyone to conduct a SIM swapping scam to take over the data stored in the victim’s SIM card.

In an unprecedented move, Ho. Mobile is now offering free SIM card replacement to all 2.5 million affected customers. Victims can bring their existing SIM cards to any authorized store to have them switched at no cost.

Sources: ZDNet, Bleeping Computer


3. US DoJ’s Office 365 email inboxes exposed in SolarWinds supply chain attack

The US Department of Justice (DoJ) announced on January 6 that the SolarWinds supply chain attack exposed the email inboxes of its employees.

After obtaining access to DoJ’s internal IT system, the hackers moved within the network to target its Microsoft Office 365 email server, and ended up accessing a number of the email inboxes. The activity was detected by DoJ’s IT staff in late December.

DoJ revealed that about 3% of its email inboxes were compromised in the attack. Given that DoJ has over 100,000 employees, at least 3,000 inboxes were likely breached. As of today, the agency said that it is not aware of any leak of classified information.

DoJ is only one among the dozens of US government agencies hacked in the SolarWinds supply chain attack. Other victims include the Treasury, the Department of Homeland Security, Department of Commerce, Department of Health, Department of Energy, Department of State, the Cybersecurity and Infrastructure Agency, the National Nuclear Security Administration, and a number of state governments.

Sources: ZDNet, The Guardian

