The Inner Circle

  • 1.  T-Mobile Data Breach and Response

    Posted Aug 23, 2021 11:05:00 AM
    Recently T-Mobile suffered a massive data breach that exposed the first and last names, birth dates, social security numbers, and driver's license information of over 50 million people. Many people have expressed that the company's response was highly disappointing, and they have yet to reach out to customers directly. I'm curious to see if there are any T-Mobile customers out there, your feelings on how they handled this breach, and any insight on the best ways to notify the public when a breach occurs.

    https://www.inc.com/jason-aten/t-mobile-data-breach-50-million-accounts-how-to-protect-yourself.html

    ------------------------------
    Olivia Rempe
    ------------------------------


  • 2.  RE: T-Mobile Data Breach and Response

    Posted Aug 24, 2021 10:46:00 AM
    I have always been leery of the switch from collecting non-sensitive PII to open (cell) phone accounts and other types of billing accounts to collecting SSNs for reasons such as this kind of data breach. I think it is less difficult for a company to recover from a breach than it is for any individual whose identity gets stolen and misused.  In trying to ensure they are able to go after an individual to recoup losses from contract breaches, these companies have exposed private information about millions of people. We all have to live with the reality that our SSNs are up for sale somewhere.  Of course, government systems are breached too, but my point is that companies like T-MOBILE collect SSNs for no justifiable reason.

    This Tech Republic article includes any response I have to how companies should deal with a breach. It boils down to who the decision makers in the room are when the decision has to be made. The FireEye example is the one companies should emulate.

    https://www.techrepublic.com/article/how-organizations-should-handle-data-breaches/

    ------------------------------
    Tutu Owoade
    IT Cybersecurity Specialist
    DISA
    ------------------------------



  • 3.  RE: T-Mobile Data Breach and Response

    Posted Aug 25, 2021 11:35:00 AM
    If you believe the IBM study that estimates the average cost of a data breach involving PII to be $161 per record in 2021 (up from $146 last year and $135 the year before that), this could cost T-Mobile something of the order of $8 billion, which is 12% of their annual revenue. Quite survivable, but still nothing to sneer at. The sad irony is that their customers, including those whose data has been revealed, are the ones who will foot that bill in the form of higher rates.

    ------------------------------
    Claude Baudoin
    cébé IT Knowledge Management
    Co-Chair, OMG Cloud Working Group
    https://www.omg.org/cloud
    ------------------------------