 |
| T-Mobile booth (T-Mobile) (Kurt "CyberGuy" Knutsson) |
Learn how to stay safe amid rise in telecom data breaches
The telecom industry is one of cybercriminals' favorite targets, likely because of the sensitive data it stores. Your carrier knows who you call and what you text. This type of information is valuable not only to hackers but also to governments. That’s probably why U.S. phone giant T-Mobile was hacked as part of a broad cyberattack on domestic and international phone and internet companies in recent months.
What you need to know
There was unauthorized access to a limited number of T-Mobile routers using methods indicative of a major Chinese cyber-espionage operation, but T-Mobile’s layered defenses and security monitoring enabled T-Mobile to quickly identify and shut down the threat.
The report revealed that hackers connected to a Chinese intelligence agency breached T-Mobile as part of a monthslong effort to spy on the cellphone communications of high-value intelligence targets. The report did not specify when the attack occurred, but T-Mobile says no customer calls or communication records were stolen.
The U.S. government also confirmed this month that Chinese hackers breached multiple U.S. telecommunications service providers to access wiretap systems used by law enforcement for surveillance of Americans. Wiretap systems allow law enforcement agencies to monitor phone calls, text messages and internet communications as part of investigations, typically with a warrant.
CISA (Cybersecurity and Infrastructure Security Agency) and the FBI issued a joint statement revealing "a broad and significant" cyber-espionage campaign. The statement disclosed that PRC-affiliated hackers had breached networks at "multiple telecommunications companies" across the United States. While CISA and the FBI did not name the organizations affected, multiple reports suggest that T-Mobile, AT&T, Lumen (formerly CenturyLink) and Verizon are likely on the list.
WSJ reported in October that Chinese hackers had access to the networks "for months or longer," enabling them to collect "internet traffic from internet service providers that count businesses large and small and millions of Americans as their customers."
 |
| Illustration of a hacker at work (Kurt "CyberGuy" Knutsson) |
T-Mobile’s many data breaches
T-Mobile has faced several hacks in recent years. In 2021, a malicious actor breached T-Mobile’s lab environment by posing as a legitimate connection to an unidentified piece of equipment. The hacker guessed passwords for multiple servers and moved laterally through the network, ultimately stealing personal data, including names, addresses, Social Security numbers and driver’s license IDs, from tens of millions of customers.
In 2022, T-Mobile experienced another breach when a malicious actor used SIM-swapping, phishing and other tactics to infiltrate the company’s internal platform for managing mobile resellers who serve T-Mobile customers.
The troubles continued into 2023. Early in the year, hackers used phished credentials from dozens of T-Mobile retail employees to access a sales application originally set up during the COVID-19 pandemic for remote viewing of customer data. Then, in January 2023, a misconfigured application programming interface exposed personal data for 37 million current customers, marking yet another significant security lapse.
 |
| Illustration of a hacker at work (Kurt "CyberGuy" Knutsson) |
T-Mobile’s response
When CyberGuy reached out to T-Mobile regarding the latest security incident, a spokesperson provided the following statement: "T-Mobile is closely monitoring this industry-wide attack. Due to our security controls, network structure and diligent monitoring and response we have seen no significant impacts to T-Mobile systems or data. We have no evidence of access or exfiltration of any customer or other sensitive information as other companies may have experienced. We will continue to monitor this closely, working with industry peers and the relevant authorities."
All comments are subject to our Community Guidelines. THE NEWS RIDE does not endorse the opinions and views shared by readers in our comment sections.