T-Mobile executives claim the company’s cybersecurity investments are paying off despite a series of security incidents.
“The investments we made for 2022, including our cybersecurity capabilities, showed up in significant ways a few weeks ago.” CEO Mike Siebert said Wednesday during the company’s fourth quarter of 2022. Financial results announcement.
“After identifying a criminal attempt to access data through our API, we shut it down within 24 hours. We protected customer data from being accessed,” Sievert told analysts.
The recent breach was the second of two large-scale attacks in the last 15 months. Start around November 25th It went undetected for almost six weeks, exposing the personal data of about 37 million customers.
Ah Massive data breach in August 2021 Ultimately, the personal data of at least 76.6 million people were exposed.
The Black Friday attacks on wireless carriers had about half the number of publicly disclosed people and did not include the more sensitive PII.
“Although we are disappointed that criminals were able to obtain customer information, we are confident that our proactive cybersecurity plan, assisted by global experts, will help us achieve our goal of being second to none. in this area,” says Sievert.
After the earnings call, T-Mobile declined to answer questions about ongoing investigations and specific areas of cybersecurity investments. pledged to invest $150 million. $500M Class Action Settlement It arrived last summer.
The latest incident is T-Mobile’s eighth publicly acknowledged data breach since 2018, and it’s growing. Google Fi, a virtual network that primarily uses T-Mobile’s infrastructure, informed some customers earlier this week that their personal data was also compromised as a result of the attack.
of Repeated Attacks Highlight Unresolved Issues Analysts say T-Mobile is a hot target for threat actors.
“All communications service providers in the world are subject to relentless cyberattacks 24/7.” Stéphane Téral, Chief Analyst, LightCountingsaid in an email.
The bigger the target, and T-Mobile is one of the 20 largest network operators in the world by market capitalization, making it the biggest target. T-Mobile “seems to be more affected than its peers, but the full extent is unknown.”
The lack of visibility and control highlighted by the gap between the threat actor’s initial intrusion and T-Mobile’s detection is unacceptable. Teral said. “It suggests that something is wrong internally and needs an urgent fix.”