{"id":1229,"date":"2024-11-08T20:27:17","date_gmt":"2024-11-09T03:27:17","guid":{"rendered":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/?p=1229"},"modified":"2024-11-08T20:27:21","modified_gmt":"2024-11-09T03:27:21","slug":"data-breach-fallout-company-faces-multi-million-dollar-fine-for-data-security-failures","status":"publish","type":"post","link":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/2024\/11\/08\/data-breach-fallout-company-faces-multi-million-dollar-fine-for-data-security-failures\/","title":{"rendered":"Data Breach Fallout: Company Faces Multi-Million Dollar Fine for Data Security Failures"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">A penalty totaling $31.5 million has been issued against the famous telecom brand \u201cT-Mobile\u201d to settle an investigation by the Federal Communications Commission (FCC) into a past series of data breaches that leaked millions of personal data records. The company has reached an agreement with the FCC to pay $15.75 million as a penalty for a sequence of cybersecurity breaches in previous years, and the rest will function as collateral for its data security development. 
The FCC inspection found a serious gap in the company\u2019s cyber threat protection, which led to a series of cyberattacks that took place in 2020, 2021 and 2023.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">What is T-Mobile and how does it operate?<\/h3>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"975\" height=\"518\" data-src=\"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2024\/11\/image-16.png\" alt=\"\" class=\"wp-image-1232 lazyload\" data-srcset=\"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2024\/11\/image-16.png 975w, https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2024\/11\/image-16-300x159.png 300w, https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2024\/11\/image-16-768x408.png 768w\" data-sizes=\"(max-width: 975px) 100vw, 975px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 975px; --smush-placeholder-aspect-ratio: 975\/518;\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">T-Mobile US Inc., or \u201cT-Mobile\u201d, is a US-based wireless network operator that mainly provides voice, text, video calling, and data communication services to postpaid, prepaid, and wholesale customers under the T-Mobile brands. The company also distributes smartphones, routers, and other mobile communication devices. T-Mobile also operates in Canada, offering unlimited talk and text, exempt from setup or roaming charges.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Analysis of Each Cyberattack<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">T-Mobile\u2019s Data Breach\u2019 2020<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">T-Mobile faced a cyberattack in 2020 in which a large amount of personal data was stolen. 
Although the company denied that any customer data was leaked during the cyberattack, hackers on a dark web forum affirmed that they had accessed the personal information of a total of 100 million customers, including names, phone numbers, home addresses and IMEI numbers. They also disclosed that they had reached the server through phishing attacks carried out over mail and SMS text messages, and through scam calls to end users. The hackers also used the SIM card swapping technique, in which bad actors take control of the end user\u2019s phone number, allowing them to access the user\u2019s account and prevent the end user from entering it.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"894\" height=\"403\" data-src=\"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2024\/11\/image-17.png\" alt=\"\" class=\"wp-image-1233 lazyload\" data-srcset=\"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2024\/11\/image-17.png 894w, https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2024\/11\/image-17-300x135.png 300w, https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2024\/11\/image-17-768x346.png 768w\" data-sizes=\"(max-width: 894px) 100vw, 894px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 894px; --smush-placeholder-aspect-ratio: 894\/403;\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Furthermore, the attackers exploited this process by intercepting text messages intended for authorization, which also allowed them to obtain access to other accounts linked to the individual end user\u2019s phone number.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">T-Mobile\u2019s Data Breach\u2019 2021<\/h4>\n\n\n\n<figure class=\"wp-block-image 
size-full\"><img decoding=\"async\" width=\"881\" height=\"368\" data-src=\"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2024\/11\/image-18.png\" alt=\"\" class=\"wp-image-1234 lazyload\" data-srcset=\"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2024\/11\/image-18.png 881w, https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2024\/11\/image-18-300x125.png 300w, https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2024\/11\/image-18-768x321.png 768w\" data-sizes=\"(max-width: 881px) 100vw, 881px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 881px; --smush-placeholder-aspect-ratio: 881\/368;\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">In 2021, the personal information of over 50 million T-Mobile customers, including Social Security Numbers (SSNs), was leaked. The breach affected previous, present, and potential future customers, as well as postpaid customers. However, one good thing about this event is that customers\u2019 bank details remained safe during the hack. The American hacker John Binns, who took responsibility for the hack, said that T-Mobile\u2019s routers and IP addresses were very weak, which allowed him to grab data from more than 100 servers. In this type of attack, hackers observe the system\u2019s public, isolated network components and try to find a weak window in the network architecture, where IP addresses act as digital home addresses for the devices connected to the network. 
Binns didn\u2019t mention any settlement with T-Mobile; nonetheless, he did mention trading the data on the dark web, for use in identity theft or possible future cyberattacks.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">T-Mobile\u2019s Data Breach\u2019 2023<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">Even after several data breaches, flaws remained in T-Mobile\u2019s servers, and the company faced another huge cyberattack in 2023. In this attack, the data of over 37 million customers, such as birthdays and contact information, was leaked. The company gave assurance that no sensitive information such as bank details or Social Security Numbers was stolen during the cyberattack. The data breach actually happened on November 25<sup>th<\/sup>, 2022, and the company announced it 8 weeks later, on January 19<sup>th<\/sup>, 2023. In this cyberattack, the hackers used APIs to enter the system.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"975\" height=\"416\" data-src=\"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2024\/11\/image-19.png\" alt=\"\" class=\"wp-image-1235 lazyload\" data-srcset=\"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2024\/11\/image-19.png 975w, https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2024\/11\/image-19-300x128.png 300w, https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2024\/11\/image-19-768x328.png 768w\" data-sizes=\"(max-width: 975px) 100vw, 975px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 975px; --smush-placeholder-aspect-ratio: 975\/416;\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">An API, or Application Programming Interface, is a type of software interface that works as a connection channel between computers or their programs. 
In this type of attack, hackers attempt to manipulate APIs by working out details of the system and its security, such as how the API is constructed and applied. They then look for weaknesses in the system, such as insufficient encryption and poor authentication, which open the way to cyberattacks such as DDoS (Distributed Denial of Service), MITM (Man-in-the-Middle), and API injection attacks.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">After so many frequent cyberattacks, it is obvious that the company\u2019s data security protection was insufficient. Telecom companies should take proper security measures against cyberattacks, as they handle consumers\u2019 sensitive data. Hackers are more advanced these days, and they look for every tiny loophole in the system. As a consequence, every company that handles people\u2019s sensitive data should raise its data privacy standards up to the mark. In the end, a penalty cannot retrieve the stolen data.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>References:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Coker, J. (2024, October 1). <em>T-Mobile to pay $15.75m penalty for multiple data breaches<\/em>. Infosecurity Magazine. https:\/\/www.infosecurity-magazine.com\/news\/t-mobile-penalty-data-breaches\/<\/li>\n\n\n\n<li>GlobalData Plc. (n.d.). <em>Tmobileus Inc company Profile &#8211; Tmobileus Inc Overview<\/em>. https:\/\/www.globaldata.com\/company-profile\/tmobileus-inc\/#:~:text=T%2DMobile%20US%20Inc%20(T,%2C%20prepaid%2C%20and%20wholesale%20customers.<\/li>\n\n\n\n<li>Luki\u0107, D. (2020, August 17). <em>T-Mobile Data Breach: The infamous cyber attack<\/em>. IDStrong. https:\/\/www.idstrong.com\/sentinel\/the-saga-of-t-mobile-data-breach\/<\/li>\n\n\n\n<li><em>IP address hacking: Risks and tips for Secure Networks<\/em>. Trend Micro Help Center. (2024, October 31). 
<a href=\"https:\/\/helpcenter.trendmicro.com\/en-us\/article\/tmka-12368#iphack\">https:\/\/helpcenter.trendmicro.com\/en-us\/article\/tmka-12368#iphack<\/a><\/li>\n\n\n\n<li><em>Routing attack meaning<\/em>. Ledger. (2024, March 13). https:\/\/www.ledger.com\/academy\/glossary\/routing-attack#:~:text=A%20routing%20attack%20is%20a,it%20into%20multiple%20isolated%20components.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>A penalty totaling $31.5 million has been issued against the famous telecom brand \u201cT-Mobile\u201d to settle an investigation by the Federal Communications Commission (FCC) into a past series of data breaches that leaked millions of personal data records. The company has reached an agreement with the FCC to pay $15.75 million as &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/2024\/11\/08\/data-breach-fallout-company-faces-multi-million-dollar-fine-for-data-security-failures\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Data Breach Fallout: Company Faces Multi-Million Dollar Fine for Data Security Failures&#8221;<\/span><\/a><\/p>\n","protected":false},"author":675,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[1],"tags":[6],"class_list":["post-1229","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-data-breach","entry"],"featured_image_src":null,"featured_image_src_square":null,"author_info":{"display_name":"Md. 
Saidul Arifin Shuvo","author_link":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/author\/md-saidul-arifin-shuvo\/"},"_links":{"self":[{"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/posts\/1229","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/users\/675"}],"replies":[{"embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/comments?post=1229"}],"version-history":[{"count":1,"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/posts\/1229\/revisions"}],"predecessor-version":[{"id":1239,"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/posts\/1229\/revisions\/1239"}],"wp:attachment":[{"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/media?parent=1229"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/categories?post=1229"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/tags?post=1229"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}