Security breaches on US mobile provider T-Mobile have only been getting worse over the years, with the company suffering three of them in the last couple of years alone. The third
, which happened in August, was by far the worst, when a 21-year-old Virginian boy managed to easily get through all of T-Mobile's securities and was singlehandedly able to compromise the data of over 53 million T-mobile subscribers
Such a massive security breach has gathered national attention, and according to Reuters
, Massachusetts has also turned a serious eye to the matter, initiating a legal probe into the cyberattack. The attorney general who is responsible for this investigation, Maura Healey, undertook the mission after the incident was revealed back in August.
She plans to investigate whether or not proper data protection protocol had been followed by T-Mobile to prevent the compromisation of customer data and devices. If it is found to have neglected the necessary safeguards, the state of Massachusetts could launch a serious legal case against the Washington-based mobile provider.
The culprit behind the national incident is named John Binn and was raised in Northern Virginia, and happened to discover an "unprotected router exposed on the internet," through which he gained access to over a hundred servers, revealing his discovery to Wall Street Journal
and making the information public, leaving the data fully exposed to malicious actors for the time being.
The only information that has remained secure, thankfully, is all financial, credit card, or other payment data. However, nearly everything else seems to have been compromised: full names, PIN numbers, birthdays, social security numbers, drivers' licenses, and other information. This includes not only current customers' information, but also that of prospective and past customers, whose data has remained on file.
The fact that T-Mobile failed to review and remedy all of its levels of cybersecurity after the last two data breaches
is hugely concerning for its current and potential customers.
Even after the first 2019 incident, when malicious and unauthorized access was gained to T-mobile data servers, T-Mobile should certainly have taken the initiative to install the proper safeguards and thoroughly ensure that all steps are taken for the prevention of such incidents in the future.
So far, twenty-three lawsuits against T-Mobile have been filed by customers over this last data breach, which is by far the biggest one it has suffered yet.