Data losses in the telecom (short for telecommunications) industry aren’t always caused by hackers. In some cases, insider knowledge is the direct cause of the problem. In this article we’ll explore how security breaches affected customers for T-Mobile, AT&T, and Vodafone. Then we’ll address how to safeguard your documents from security threats by insiders.
T-Mobile Lost Data for 17 Million Subscribers
Not all data losses are made public immediately. In this particular case, it took more than two years to report a breach to the public, even though it was reported to prosecutors at the time of the breach. The announcement that Deutsche Telekom lost personal data for about 17 million German T-Mobile customers came in October of 2008.
The actual breach occurred in the spring of 2006. The incident only came to light when a German magazine Der Spiegel said it was able to access customer information through a 3rd party.
These developments are concerning; the director of T-Mobile said the company was under the assumption that the data had been sufficiently recovered.
Since the incident in 2006, T-Mobile Germany has taken steps to enhance security by placing tighter restrictions on information, using more complex passwords, and monitoring security systems.
AT&T’s Security Leak Leaves 114,000 Apple iPad Owners at Risk
The US phone network AT&T acknowledged the leak in June 2010. The company stated that only subscribers’ email addresses were leaked. The issue had also been escalated to the highest level of the company, but that might not help concerned customers feel better about this particular security breach.
A team of hackers calling themselves Goatse Security were able to use a flaw in the AT&T website to get the email address of any AT&T subscriber by providing a piece of data called an ICC-IDS. As a response, AT&T has essentially turned off the feature on the website that provides these email addresses.
Unfortunately, the leak affects iPad owners like the White House Chief of Staff. This is definitely bad publicity for Apple and its 3G-enabled iPads. The names and email addresses of members of the US Senate and House of Representatives, staff at NASA and the Department of Homeland Security, the New York Times, Viacom, and Time Warner are also potential victims of this data loss. That’s because everyone who is someone jumped on board and bought one of the 2 million iPads that Apple had already sold between April and June of 2010.
There is a possibility that every US owner with an iPhone 3GS or 3G iPad had their email address stolen by the group of hackers. The silver lining is that this only seems to affect US customers unless British networks that provide connectivity for the iPad have the same flaw as the AT&T website.
Insider Steals Two Million Records from Vodafone Germany Customers
Hackers from the outside aren’t the only security threat to the telecommunications industry. In 2013, an insider was able to gain access to over two million records from German Vodafone customers. The data accessed by the attacker includes names, gender, birth dates, bank account numbers, and bank sort codes.
On the bright side, the hacker was not able to access credit card numbers, PINs, passwords, or mobile phone numbers. Unfortunately, it only takes bank account numbers and bank sort codes to go on a spending spree in Germany, which makes this a serious security breach.
Since the breach included a large amount of information, affected customers may become victims of phishing emails. Vodafone notified the customers in Germany by mail of the incident warning them not to give out any information to an unverified source.
Because the attack was conducted with insider knowledge, Vodafone changed its passwords and certificates on all administrators and completely reinstalled the affected server for security reasons.
The Insider Threat to Cybersecurity
Incidents such as the one concerning Vodafone reminds us that danger not only comes from sophisticated hackers but from insiders within the company as well. Whether it’s an employee or a 3rd party independent consultant, every organization has to exercise caution when allowing someone access to their documents and databases.
There are at least three things that organizations must to do to reduce the likelihood of insider hacks. First of all, it’s important to conduct background checks on every individual who will be given access to sensitive data. Second, it’s a good idea to limit access for any given user to the documents they need to do their job. Role-based user access can help you give employees the information they need without exposing all of your sensitive data. Last but not least, it’s important to audit the flow of documents inside your company and monitor security closely.
How eFileCabinet Supports Cybersecurity for Your Company
We know how important it is to keep your documents safe from unauthorized access. That’s why we provide you with data encryption for all of your files. We also help you by offering role-based user access and an audit trail that documents the life of your files. Security is of utmost importance to us. If you have any questions about how we can keep your documents safe, please feel free to call or chat with us.