Why It Happened ?
The security team at T-mobile noticed some unauthorized and malicious access to some pre-paid wireless accounts. It was reported to the authorities promptly and the malicious access was stopped. No major sensitive data like social security number or passwords were leaked in the process.
What Can You Learn ?
The above attack used various loopholes at various stages and we can list a few mitigation steps from it.
- Regular Scan For Malicious Activities scanning for red flags, unauthorized access and having the right protocols for automated alerts can be a huge bonus
- Third Party Security measures to make sure any vulnerability doesn’t affect one’s own customers
- PII regulations within the company for careful distribution of PII. Collection of PII only restricted to only when absolutely necessary
- Third Party Risk Assessment Modern tools enable one to understand the threat landscape arising from their vendors