June 20, 2016 by

T-Mobile Insider Hack Compromises 1.5 Million Customers’ Data

Another day, another breach. While nothing tends to surprise any longer in the realm of cybersecurity, this particular story stands out, for being an insider hack caused by a rogue employee at T-Mobile.

A news report by local media in the Czech Republic has revealed that a T-Mobile employee gained access to a database containing some 1.5 million customer records.

The staffer then attempted to sell the database, although the number of records that contain names, email addresses and personal information are yet unknown. Notably, T-Mobile insists that the database did not contain any login credentials embedded within the accounts, insisting that it was marketing-related data.

T-Mobile confirmed the hack in a media release, revealing that an employee had attempted to steal and sell the customer data. The employee was a member of a “small team that normally worked with customer data,” T-Mobile added.

When suspicions arose, the company sought the Police of the Czech Republic. The investigation is currently pending and hence T-Mobile isn’t revealing any specific information pertaining to the breach, yet.

“The database did not contain any user credentials, nor any location or traffic data that could compromise a user’s privacy,” the telecom giant stated. It further added:

The only risk to our customers could theoretically be exposed is that they might potentially be approached with unsolicited marketing offers.

The company deemed the incident as the failure of an individual, rather than one to be pinned on the system or be seen as procedural failure.

The employee in question has had his or her employment with T-Mobile terminated immediately, before the police began the investigation.

The telecom provider’s “robust security mechanisms” helped ensure and reinforce the database’s security with a prompt response as soon as red flags were raised, T-Mobile insisted.

Milan Vašina, T-Mobile Czech Republic’s managing director said in a statement:

I would like to reassure our customers that there was no actual data leak and that their data are safe. The trust and security of our customers are of key priority for us.

Although we found no system failure during a thorough check, we will check the whole system again and consider the introduction of other precautionary measures if necessary.

About the author

Image of Author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.

Related articles

Over 76 Million Households Affected by the Cyberattack on JP Morgan

A major data breach investigation results were made public today in a statement from JP Morgan...

Read more arrow_forward