[Security Weekly] T-Mobile Confirms 48 Million Personal Records Breached in Cyberattack
3rd Week of August 2021
1. T-Mobile confirms cyberattack compromising personal data of 48 million customers
On August 15, a hacker claimed to have breached T-Mobile and stolen 106 GB of data containing the names, addresses, account login credentials, and social security numbers (SSN) belonging to 100 million customers. A sample dataset of 30 million driver’s licence numbers and SSNs was uploaded to the dark web and put up for sale at a price of 6 Bitcoins, or roughly $270,000.
Despite initially denying the claim, T-Mobile admitted on August 18 that the hacker gained access to its servers and obtained the personal information of 7.8 million postpaid customers and 40 million former and prospective customers who had previously registered for postpaid services with the company.
Additionally, T-Mobile said that 850,000 current prepaid customers had their phone numbers and login credentials stolen. The PINs of these customers were reset immediately.
T-Mobile is currently in the process of contacting all victims and promises to provide two years of free identity protection service. The hacker did not demand any ransom from T-Mobile as they claim to have found buyers online.
2. Colonial Pipeline confirms over 5,000 employee records breached in DarkSide attack
On August 13, Colonial Pipeline sent out data breach notification letters to 5,810 current and former employees, notifying them that their personal information had been stolen in the DarkSide ransomware attack back in May, the attack that led to a widespread oil shortage in the US.
In the notification, Colonial Pipeline admitted that the personal data of these employees was among the 100 GB of data stolen by the DarkSide ransomware gang. Compromised information included names, dates of birth, contact details, social security numbers (SSN), driver’s licence numbers, taxpayer identification numbers, as well as health insurance information. Not all individuals were affected in the same way.
Colonial Pipeline is offering all victims two years of free identity protection and credit monitoring services.
3. Brazilian National Treasury hit by ransomware attack
The Brazilian Ministry of Economy made an announcement on August 13 disclosing that the National Treasury had suffered a ransomware attack.
The Ministry, along with the government’s cybersecurity arm Digital Government Secretariat (DGS), is currently investigating the incident and working on recovery. Countermeasures have been taken to prevent the attack from spreading further.
So far, no significant damage to the systems has been found. Tesouro Direto, the online platform for government bond issuance and purchase, remains fully functional.