T-Mobile probes 'huge data breach' as hackers claim they have names & social security numbers of 100m customers
T-MOBILE is currently investigating claims of a massive customer data breach which hackers claim has affected 100 million users.
The data breach reportedly includes social security numbers, phone numbers, names, physical addresses, unique IMEI numbers, and driver's license information.
[...] The post didn't mention T-Mobile specifically, but when contacted by VICE the seller claimed that the data had been lifted from T-Mobile servers.
"T-Mobile USA. Full customer info," the seller told the outlet, adding that the information of 100 million customers had been compromised.
(Score: 0) by Anonymous Coward on Monday August 16, @08:14PM
This raises the question, why can't we do better than social security numbers for authentication? It's not a question of technology, just our willingness to make the change. One alternative is public key encryption and assigning everyone a key pair that gets updated from time to time as algorithms and key sizes change. Store the private key in specialized hardware so that it's very difficult to extract the key, then link it to a password or biometrics to reduce the chance that a lost key could compromise a person's identity. Maybe this isn't the best way, but my point is that there are far better approaches for authenticating a person than what we have now. SSNs were never intended to prove identity, and it's a terrible idea to use a password that cannot be changed. Use them to identify, but not authenticate, a person for social security and perhaps tax purposes. That's it.
(Score: 4, Informative) by Gaaark on Monday August 16, @08:23PM (1 child)
Sue T-moberts ass for negligence in keeping their customers' info safe. Make them pay big time and maybe security will not be the area they cut first to pay for the espresso machine.
(Score: 2) by Snotnose on Monday August 16, @08:29PM
This. You have to make someone an example or every company will run the calculus of "$x for security vs $10%x if breached". We need to turn that around so it's $10x if breached. Be nice if some Cxx folks were sued into bankruptcy and/or sent to prison, but that's too much to ask.
(Score: 2) by hendrikboom on Monday August 16, @08:32PM (3 children)
Why would T-Mobile ever need to keep social security numbers or driver's licence information?
(Score: 0) by Anonymous Coward on Monday August 16, @08:37PM
It's likely used for credit checks and reporting. That's my guess. I know that I needed to provide some of that information to Verizon many years ago when I signed up for service. As I said above, everyone's information has been compromised many times over. This is a large breach, sure, but there are so many that everyone should just assume they've been compromised repeatedly. There's no reason to think the information I provided to Verizon is any more secure. Perhaps it's also been compromised and we just don't know about it. At this point, I'm convinced the only solution is to prohibit the use of SSNs for authentication and move to something more secure. I can only assume that enough people have financial interests in maintaining the status quo, despite the cost of identity theft, that we haven't eliminated this problem.
(Score: 2) by Tork on Monday August 16, @09:05PM
Phone purchases via payment plans.
(Score: 0) by Anonymous Coward on Monday August 16, @09:21PM
PATRIOT Act?