View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
August 17, 2021updated 19 Aug 2021 2:35pm

T-Mobile data breach could leave the company counting the cost

Millions of customer records have been stolen from the mobile operator. The breach could end up being a costly one.

By Claudia Glover

Millions of customer records have been stolen from T-Mobile US, the company confirmed this week. The data breach could turn out to be a costly one for the mobile operator, as new research shows the average cost of a data breach has risen to more than $4.7m.

T-Mobile data breach

Up to 100 million customer records are thought to have been stolen in a data breach at T-Mobile this week. (Photo by r.classen/Shutterstock)

Details of the breach emerged on Sunday, when 30 million social security numbers and driving licence details appeared for sale on an online forum. The seller said the data came from a cache of over 100 million records stolen from T-Mobile. Yesterday the company admitted it had been subject to a breach, stating “unauthorised access to some T-Mobile data occurred” but added that it was still investigating precisely what sort of data had been taken.

On Wednesday, T-Mobile US said 7.8 million postpaid service customer records were lifted by hackers. The data of about 850,000 prepaid customers was also hacked, as well as more than 40 million records of former or prospective customers.

T-Mobile data breach could be costly

The breach could turn out to be a costly one for the mobile operator, as new research shows the cost of a data breach has risen by 10% in the last year to an average of $4.24m, according to the Cost of a Data Breach report from IBM and Ponemon Institute. The average cost per record is now $161, as opposed to a figure of $146 in 2020. This represents an increase of 14.2% since the 2017 report, where the average was $141. Costs of a data breach can relate to the retrieval of the data itself, as well as compensation to customers, regulatory fines and the cost of lost business

Communications companies generally saw a considerable increase in average data breach costs in the past year, up to 20.3% to $3.62m, though this is still below the global average for other sectors.

How big was the T-Mobile data breach?

The seller, who is believed to be based in Belarus, says they got into T-Mobile's systems via an exposed gateway GPRS support node, part of the infrastructure that connects mobile users to the internet. “From there, we pivoted through several different IP addresses and eventually got access to their production servers," they said. "Everything was stolen."

Telecoms data is especially valuable as it contains so much information explains Amy DeCarlo, principal analyst in security and data centre services at GlobalData. “Some of the most highly valuable information on consumers is attached to a mobile provider," she says. "They have location data, which is the ultimate in information as they will know where the consumer is and where the consumer has been. They know the consumer's habits. They can model that data.”

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

This sort of information can be useful to cybercriminals who are interested in creating targeted scams, stealing identities or other malicious behaviour, says Erich Kron from KnowBe4, a security training provider. State-backed threat actors could also be interested in getting hold of it, he adds. "Given the size of T-Mobile, there is a good chance that this information could benefit other countries with surveillance programs," he says. "Some cybercriminals might buy the bulk of the information, then resell it in smaller chunks to other criminals."

The records are being sold for six bitcoin, worth around $286,000, a sum that Nathalie Moreno, a partner at law firm Addleshaw Goddard, describes as "an incredibly low amount". This "gives the impression that the hackers are somewhat amateur," Moreno says. "The forensics are going to be called immediately to try to determine what exactly has been accessed, compromised, stolen, and that part is something which can take time.”

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.