Scribd Logo
Upload

Welcome to Scribd!

  • 30 views

    Applied Project Attack Case Study

    Uploaded by

    desalew baye

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content

    You might also like

    Applied Project Attack Case Study

    Uploaded by

    desalew baye
    30 views6 pages

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    30 views6 pages

    Applied Project Attack Case Study

    Uploaded by

    desalew baye

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 6

    Case Study

    Attack Category

    T-Mobile

    © Copyright IBM Corp. 2023


    On August 17, 2021, T-Mobile learned that a bad actor
    illegally accessed and/or acquired personal data. The bad
    actor first gained access to T-Mobile systems on or before
    July 19, 2021. Our investigation is ongoing, but we have
    verified that a subset of T-Mobile data had been accessed
    and/or acquired by unauthorized individuals and the data
    Attack Category: stolen from our systems did include some personal
    Examples: information. The latest details about the affected data are
    available
    ransomware,
    vishing, spear
    phishing,
    injection, etc.
    The mobile service provider said in a statement that it had
    been investigating the data
    breach since last week, when it was “informed of claims
    made in an online forum that a
    bad actor had compromised T-Mobile systems.”
    The company said the stolen files included information
    from approximately 7.8 million
    current T-Mobile accounts, as well as records of more than
    Company 40 million former or
    Description and prospective customers who had applied for credit with the
    company.
    Breach Summary Some of the exposed data included customers’ first and
    last names, social security
    numbers, driver’s license and other information, T-Mobile
    said. It also included the PINs
    of about 850,000 active prepaid customers
    A cyber attack on T-Mobile uncovered the information of more than 40
    1 million people.
    .

    found and immediately closed the access point that we trust it was used to
    2 illegally gain entry to our servers.

    Contribution two years of free identity protection services with McAfee’s ID


    3 Theft Protection Service to any person who believes they may be affected

    Timeline
    Recommending that all eligible T-Mobile customers sign up for free scam
    4 blocking protection through Scam Shield

    Offering an extra step to protect your mobile account with our Account
    5 Takeover Protection capabilities for postpaid customers, which makes it
    harder for customer accounts to be fraudulently ported out and stolen.

    Around 850,000 active T-Mobile prepaid customer names, phone numbers


    6 and account PINs were wide-open
    Vulnerabilities

    Vulnerability 1 Vulnerability 2 SMS phishing SIM swapping


    Overall Summary Victim profiles The more
    The mobile operator attacks could be launched Another type of attack that
    revealed that the breaches occur, the
    compromised data over SMS messages, is specific to
    included full names, easier impersonating the mobile phone users is SIM
    dates of birth, SSNs and
    driver’s license/ID it is for attackers to build operator. At first glance, in swapping. This is when an
    information for 7.8
    million current T-Mobile complete victim profiles the case of the 48 million attacker
    postpaid customers as
    well as over 40 million and launch attacks that current, former, and manages to convince a
    former or prospective
    customers who had are prospective T-Mobile mobile operator to associate
    applied for credit with
    increasingly hard to customers whose personal a
    T-Mobile. No phone
    numbers, account details were exposed. victim's phone number with
    numbers, PINs, detect
    passwords, or financial a SIM card under their
    information were by both companies and control
    exposed for these users.
    However, names, phone users. to receive all their phone
    numbers, and account
    PINs were exposed for calls and text messages
    850,000 active T-Mobile
    prepaid customers
    Costs Prevention

    T-Mobile said 7.8 million postpaid service T-Mobile is proposing all impacted customers a

    customer records were stolen by hackers. The free two-year subscription for McAfee's ID Theft

    data of about 850,000 prepaid customers was Protection Service, which take account of credit

    also hacked, as well as more than 40 million monitoring, full-service identity restoration,

    Costs and records of former or prospective customers. identity insurance, dark web monitoring…

    Prevention •The data breach could turn out to be an • Business and postpaid customers can also enable

    expensive one for the mobile operator, as new T-Mobile's Account Takeover Protection service for

    investigation shows the ordinary cost of a data free and all T-Mobile users can use the company's

    breach has increased to more than $4.7m. Scam Shield app that allows caller ID and

    automatically blocks calls identified as scams

    You might also like