[HN Gopher] T-Mobile investigating claims of 100M customer data ...
___________________________________________________________________
T-Mobile investigating claims of 100M customer data breach
Author : hourislate
Score : 49 points
Date : 2021-08-15 20:51 UTC (2 hours ago)
(HTM) web link (www.reuters.com)
(TXT) w3m dump (www.reuters.com)
| cascom wrote:
| I feel like companies like this should have to register a data
| breach like this in a national register, and then should someone
| become a victim of identity theft, the companies on that register
| associated with that person should bear the costs associated with
| that theft (importantly without the victim having to show that it
| was a direct result of that breach). E.g. John Smith
| ss#123-45-6789 (T-mobile, Experian) has a false refund filed in
| his name, $10k in legal costs associated with clearing his name,
| t-mobile and experian each owe him $5k...
|
| Until companies are held accountable for the negative
| externalities they are causing, this won't end.
| slg wrote:
| Plus money for time and stress this causes. Often people won't
| be responsible for huge financial outlays once these issues are
| resolved, but it can take countless hours and an unmeasurable
| amount of stress to get there.
| dheera wrote:
| Yes this. Every hour on the phone is an hour less salary for
| many people.
| maxerickson wrote:
| You shouldn't become a victim when a bank opens a fraudulent
| account.
|
| The law shouldn't be that someone else has to pay the costs,
| the law should be that you tell them to prove it was you that
| acted to open an account and they go pound sand if they can't
| do that.
| jjeaff wrote:
| I agree. Surely there are cases where people have sued the
| bank or whatever provider for opening an account in their
| name. It seems like I should just be able to send them a
| certified letter that says no, I didn't open that account,
| please close and correct your credit reporting unless you
| have proof otherwise. If you don't comply I'll see you in my
| nearest small claims court. Seems like it would be an open and
| shut case.
| acdha wrote:
| Yes - "identity theft" in common usage has been a
| phenomenally successful effort by financial companies to
| shift the cost of their negligence to the consumer.
| ljm wrote:
| Running with this idea, then as a customer, John Smith
| shouldn't have to even think about 10k worth of legal costs to
| clear his name. It should be cleared for him.
|
| Basically multiple layers of regulation in the form of consumer
| protection laws that put the onus on businesses to be
| accountable for what they do. You can't blame the victim for
| having their identity stolen just because they chose T-Mobile
| over a competitor, or expect them to fight the case in court
| (which most people won't do because it's too expensive).
| jalino23 wrote:
| Then this national register gets breached. What now?
| cascom wrote:
| They add their name right next to t-mobile's
| jabroni_salad wrote:
| The HHS keeps a list for healthcare orgs, actually:
| https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
|
| A lot of incidents get reported to the state attorney general
| offices that the customers reside in, as well, but that is less
| convenient to keep an eye on since there are 50 of them.
|
| These don't really make the news because there are just too
| many of them to keep up with. One of my clients recently had to
| send breach notifications to all their customers and it did not
| even make the local papers. This is a town of 20k people where
| nothing ever happens and apparently that wasn't enough to waste
| ink on.
|
| The takeaway here is that there is infinite work available for
| security incident responders, if you are looking for a change
| of pace.
| contingencies wrote:
| T-Mobile runs billing on https://en.wikipedia.org/wiki/Amdocs
| caconym_ wrote:
| The data from the Equifax breach, as bad as that breach was (and
| as criminally derelict in its duties our government was in
| extracting meaningful accountability from them) does not seem to
| have made it onto the black market.
|
| If they're already selling the data, this one could be a lot
| worse in practice.
| ummonk wrote:
| Is there any evidence this isn't a scam? Surely if it were real,
| the purported hacker would have already published a subsample to
| prove it?
| malwarebytess wrote:
| As opposed to the intentional breach earlier this year that they
| gave customers only one month to opt-out of?
|
| https://fortune.com/2021/03/09/t-mobile-sprint-metro-data-pr...
| rafale wrote:
| Got my t-mobile SIM hijacked and the hackers changed my email,
| then tried to get access to my Coinbase account. Thank god I was
| using a 2FA app for the latter.
|
| To this day I don't know how the hackers did it. Through social
| engineering on phone? In person at an agency with fake ID? Or a
| corrupt insider working at T-mobile?
|
| This happened after the Ledger hack. My SSN was also leaked in
| the Equifax hack. This experience made me realize how much of a
| joke the concept of "identity" is in our society. It can be
| bought and stolen like any asset.
| arkadiyt wrote:
| Most carriers, including T-Mobile, support a "NOPORT" feature
| to disallow porting your phone number:
|
| https://www.vice.com/en/article/ywa3dv/t-mobile-has-a-secret...
| netsec_burn wrote:
| When you say most carriers, which ones are you specifically
| referring to?
| [deleted]
| [deleted]
| arboghast wrote:
| Doesn't surprise me considering their POS systems have regular
| users (employees) as local admins.
| koolba wrote:
| Does POS refer to "point of sale" or "piece of shit"?
| kQq9oHeAz6wLLS wrote:
| Both, apparently.
| jondwillis wrote:
| low quality post: can't wait for my two free years of Experian.
___________________________________________________________________
(page generated 2021-08-15 23:00 UTC)