The Wall Street Journal delivered quite the scoop last week, sitting down (virtually, at least) with John Binns, the 21-year-old American expat who claims to be behind the massive T-Mobile data breach that compromised the personal details of more than 50 million people. The breach is the “third major customer data leak that T-Mobile has disclosed” in just the past two years, according to the Journal.
Binns claims to have accessed T-Mobile’s system using tools available to the general public that allowed him to scan T-Mobile’s “known internet addresses using weak spots” and then accessed “stored credentials” that gave him entry into “more than 100 servers.” Binns accomplished all of that in just a week, prompting him to characterize the second-largest mobile carrier in the U.S.’s security as “awful.” - WSJ
While the prevalence and skill of cyberhackers means that nearly any organization is at risk of a breach, this latest T-Mobile episode comes with some basic lessons for companies seeking to protect sensitive information:
- Acknowledge that the threat of hacking is real, no matter the size of the company, and allocate appropriate resources to evaluate cyber defenses—including conducting network vulnerability assessments
- Train personnel to keep passwords and other access credentials off of computer systems so that a breach can be contained instead of granting hackers digital keys to the entire network
- Engage in regular data audits that timely assess the need to retain sensitive data and deletes information as appropriate. Much of the T-Mobile data Binns stole “were from prospective clients or former customers long gone”—data that T-Mobile should have jettisoned when it no longer served the original purpose for collection.
The Robins Kaplan Privacy Pulse blog features privacy and cybersecurity litigation topics including the latest news in cybersecurity law and policy, privacy legislation, and other related cyber topics making headlines.
Related Attorneys
Partner
