T-Mobile: Hacker brute-forced our customer servers
Amazing what you can do with Mimikatz (we speculate...)
T-Mobile says the hacker that breached their systems to steal the personal data of over 50 million customers "leveraged... specialized tools and capabilities, to gain access to our testing environments and then used brute force attacks and other methods to make their way into other IT servers that included customer data" in the most detailed statement yet on the mammoth August 2021 data breach.
Further detail on that initial foothold into the testing environment will not be shared while a criminal investigation is ongoing, the company's CEO added.
T-Mobile data breach: CEO hires KPMG, Mandiant
CEO Mike Sievert said: "On August 17 we confirmed that T-Mobile’s systems were subject to a criminal cyberattack that compromised data of millions of our customers, former customers, and prospective customers. Fortunately, the breach did not exposeany customer financial information, credit card information, debit or other payment information but, like so many breaches before, some SSN, name, address, date of birth and driver’s license/ID information was compromised.
He added: "To say we are disappointed and frustrated that this happened is an understatement. Keeping our customers’ data safe is a responsibility we take incredibly seriously and preventing this type of event from happening has always been a top priority of ours. Unfortunately, this time we were not successful. Attacks like this are on the rise and bad actors work day-in and day-out to find new avenues to attack our systems and exploit them. We spend lots of time and effort to try to stay a step ahead of them, but we didn’t live up to the expectations we have for ourselves to protect our customers."
The mobile network operator, a subsidiary of German telecommunications company Deutsche Telekom AG, has hired KPMG and Mandiant under long-term agreements to shore up its security posture, T-Mobile added August 27. KPMG will "review of all T-Mobile security policies and performance measurement. They will focus on controls to identify gaps and areas of improvement", while Mandiant will "support us as we develop an immediate and longer-term strategic plan to mitigate and stabilize cybersecurity risks across our enterprise."