June 20, 2016 by

T-Mobile Insider Hack Compromises 1.5 Million Customers’ Data

Another day, another breach. While nothing tends to surprise any longer in the realm of cybersecurity, this particular story stands out, for being an insider hack caused by a rogue employee at T-Mobile.

A news report by local media in the Czech Republic has revealed that a T-Mobile employee gained access to a database containing some 1.5 million customer records.

The staffer then attempted to sell the database, although the number of records that contain names, email addresses and personal information are yet unknown. Notably, T-Mobile insists that the database did not contain any login credentials embedded within the accounts, insisting that it was marketing-related data.

T-Mobile confirmed the hack in a media release, revealing that an employee had attempted to steal and sell the customer data. The employee was a member of a “small team that normally worked with customer data,” T-Mobile added.

When suspicions arose, the company sought the Police of the Czech Republic. The investigation is currently pending and hence T-Mobile isn’t revealing any specific information pertaining to the breach, yet.

“The database did not contain any user credentials, nor any location or traffic data that could compromise a user’s privacy,” the telecom giant stated. It further added:

The only risk to our customers could theoretically be exposed is that they might potentially be approached with unsolicited marketing offers.

The company deemed the incident as the failure of an individual, rather than one to be pinned on the system or be seen as procedural failure.

The employee in question has had his or her employment with T-Mobile terminated immediately, before the police began the investigation.

The telecom provider’s “robust security mechanisms” helped ensure and reinforce the database’s security with a prompt response as soon as red flags were raised, T-Mobile insisted.

Milan Vašina, T-Mobile Czech Republic’s managing director said in a statement:

I would like to reassure our customers that there was no actual data leak and that their data are safe. The trust and security of our customers are of key priority for us.

Although we found no system failure during a thorough check, we will check the whole system again and consider the introduction of other precautionary measures if necessary.

About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

Over 76 Million Households Affected by the Cyberattack on JP Morgan

A major data breach investigation results were made public today in a statement from JP Morgan...

Read more arrow_forward