Nexus Discusses T-Mobile Breach On PCTV

Nexus Discusses T-Mobile Breach On PCTV

T-Mobile recently suffered a major data breach, exposing the private information of millions of its users. Discover what you need to know in this recent PCTV segment, featuring members of the Nexus IT Consultants team.

T-Mobile recently confirmed that they experienced an extensive data breach that has affected millions of their current and past users. Nexus IT Consultants’ CEO Earl Foote and Sales Consultant Jon Rose recently appeared on Mountain Connections PCTV to talk about this major security incident:

What Do You Need To Know About The T-Mobile Data Breach?

“The forensic process takes time,” says Earl. “They are trying to figure out the extent of the breach.”

Here’s what we know right now — cybercriminals that breached T-Mobile have posted 100 million records for sale on the dark web, at a price of $280,000. The exposed information includes names, addresses, phone numbers, dates of birth, social security numbers, driver’s licenses, and unique smartphone identifiers and security pins.

When cybercriminals want to buy or sell private data, they go to the Dark Web. The Dark Web is a small part of the much larger “deep web” – the common name for an extensive collection of websites that aren’t accessible through normal Internet browsers. These websites are hidden from the everyday Internet — or Clearnet — users through the use of overlay networks.

“Bad actors could do a lot of bad things with all that information,” says Earl.

What Should You Do If Your Data Was Breached?

If you’re a T-Mobile customer now or have been in the past, there’s a good chance your data is up for sale on the dark web right now. That’s why you need to take action right away and limit the value of that stolen data:

• Change the password associated with the account.
• Change your security pin.
• Update any copied or similar passwords on other accounts you have.

Furthermore, you’ll want to keep an eye on your credit and your identity for the foreseeable future. You should consider investing in a credit monitoring service, which will alert you if and when your private information is used to open new accounts, sign up for credit cards, or make purchases.

Do You Know If Your Data Was Breached?

You hear about data breaches and identity theft every single day. Don’t make the mistake of assuming it’s all being exaggerated to get your attention. If anything, there are too many data breaches for the news to keep up with:

• 81% of breaches are successful because the cybercriminal hacked weak passwords, or stole them in the first place.
• Data breaches can expose billions of records in a matter of months.

Given how pervasive modern cybercrime is, one of your primary duties as your business’ leadership is making sure your data is protected. But what if you’ve already been breached, and you just didn’t know it?

If you haven’t experienced a data breach, you’re probably confident that your data isn’t in anyone’s possession other than your own. But are you completely sure?

Did you know it takes most businesses up to 6 months to find out that they’ve experienced a data breach?

That’s why investing in protection isn’t enough — maintaining the integrity of your personal and business data requires you to make sure it hasn’t already been compromised and put up for sale online.

How Does Your Data End Up On The Dark Web?

Probably because you or one of your employees gave it up in the first place.

More often than not, cybercriminals will trick their target into giving up their information. The following strategies all fall under “social engineering”: the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.

A few social engineering strategies they might use include…

• Phishing: Phishing emails are sent to large numbers of users simultaneously in an attempt to “fish” sensitive information by posing as reputable sources; often with legitimate-looking logos attached.
• Spear Phishing: This is a much more focused form of phishing. The cybercriminal has either studied up on the group or has gleaned data from social media sites to con users.
• Social Media Research: LinkedIn, Facebook, and other venues provide a wealth of information about organizational personnel. This can include their contact information, connections, friends, ongoing business deals, and more.

How Can You Keep Your Data Off The Dark Web?

• Train staff members on the proper handling of corporate data and procedures to limit data loss, including ways to handle phishing scams. Besides an initial onboarding training session, all employees should attend refresher courses throughout the year. The vast majority of cybercriminals gain access to a company’s network through mistakes made by employees.
• Require the use of strong passwords and two-factor authentication. It’s advisable that you assign strong passwords to each individual employee to prevent them from using passwords that are easy to guess, as well as implementing two-factor authentication.
• Consider investing in cyber insurance and conduct penetration testing. The cost of cybercrime will exceed 6 billion dollars by the end of this year. That’s a lot of money. Investing in cyber insurance is a good idea for businesses with a great deal of exposure.

If you have any questions or concerns about this situation whatsoever, please get in touch with our team.