Hackers strike again! This time, mobile giant T-Mobile was attacked by the cybercrime gang, Lapsus$ in a brazen theft of company source code. While the company has assured the public that no personal information belonging to their customers has been compromised, they did confirm that Lapsus$ stole credentials that allowed them access to T-Mobile’s “house operational tools software.”
This is the second time in as many years that T-Mobile was targeted, but whereas the last breach resulted in millions of names, birthdays, and Social Security information being stolen, this time, the hackers were shut down before they could do real damage. Company officials stated that their “systems and processes worked as designed” and “the intrusion was rapidly shut down and closed off, and the compromised credentials used were rendered obsolete.”
This hack represents a terrific example of how it’s critical for companies who hold valuable data (and personal customer information) to be proactive, rather than reactive, with their cybersecurity. Installing malware blockers, ensuring software patches are up to date, securing networks, tightening up endpoint security, and wiping old hardware before destroying it are all critical steps toward protecting company data and customer information. Likewise, training employees on data protection and communicating regularly with customers about remaining vigilant against possible phishing or other attacks is a great way to ensure everyone is invested in protecting data.
Scary enough, this hack was conducted by a handful of Lapsus$ affiliated teenagers in London. They were arrested soon after the attack, but officials believe that Lapsus$ is a growing threat (among so many) and companies (and individuals!) should stay on their toes.