Many individuals and organizations face the consequences of cyber-attacks which might result in data breaches. In the first quarter of the current year, T‑Mobile faced a malicious attack resulting in the data breach of personal information of many customers. No system is 100% secure and risk-free; however, various measures might reduce vulnerability. Organizations should conduct a detailed security audit of their system to find out any weaknesses and take comprehensive measures to mitigate the risks.
Breach, Abuse Techniques, and Damages
According to the details of the incidence, hackers accessed the system of T‑Mobile, a leading mobile operator in the USA, through a third-party email vendor. The hackers got access to the names, addresses, bank account numbers, phone numbers, social security numbers, and government identification numbers, rate plans, and features (Turner, 2020). The cellular company issued a notice to its customers informing about the incidence and its consequences. The abuse technique was hacking through a malicious attack that targeted T‑Mobile employee email accounts. Hacking refers to unauthorized access to a computer system (Romney & Steinbart, 2017). In this case, hackers used a third-party email vendor to gain unauthorized access to the computers of employees of T‑Mobile. Many of hacked accounts contained information for T‑Mobile employees and customers ("Notice of Data Breach," 2020). The attack raised questions about the IT security system of the company.
The incidence damaged the interests of T‑Mobile and its customers. The company had to offer some free services to the customers which included free credit monitoring and identity theft detection services ("Notice of Data Breach", 2020). Hackers might have used the sensitive information of the customers to gain unauthorized access to the financial resources of the customers. To prevent this action of the hackers, the company offered a security freeze service through which the customers might secure the issuance of their credit report ("Notice of Data Breach", 2020). The incidence of data breach damaged the goodwill of T‑Mobile; although, the company took some corrective measures.
The company might have conducted a detailed security audit of the system. Usually, such checks reveal the vulnerabilities in the system. The organization should have enhanced the quality of its firewall and virtual private network (VPN). It might be expensive, but it is necessary. Cyber-attacks might force some companies out of business (Steinberg, 2019). Therefore, experts recommend rebuilding business IT immunity as hacking incidences are on the rise (Sayegh, 2020). However, as discussed previously in this report that no IT system is hack-proof. To mitigate the risks of such attacks in the future, T‑Mobile should train its employees to understand the techniques of cyber attackers. Once the security system is secure, the availability of trained employees reduces the risk of data breaches significantly.
With time, hackers have invented new ways to get access to IT systems. Organizations should be aware of the risks of unauthorized access to their computers. The cyber-attack on T‑Mobile proves that large organizations might also face data breaches that might damage their goodwill and increase the expenses of the business. The company had to spend on credit monitoring and identity theft detection services; moreover, the customers had to face the risks of breach of sensitive information. The company should conduct a detailed IT system audit and improve its VPN and firewalls. Apart from this, the entity should invest in the training of its employees to mitigate the risks of such occurrences in the future.
Notice of Data Breach. (2020). T-Mobile. Retrieved 27 June 2020, from https://www.t-mobile.com/responsibility/consumer-info/pii-notice.
Sayegh, E. (2020, June 24). There’s no vaccine for data leaks: Why one cyber-attack leads to another. Retrieved 27 June 2020, from https://www.forbes.com/sites/emilsayegh/2020/06/24/theres-no-vaccine-for-data-leaks-why-one-cyber-attack-leads-to-another/#26a565677300.
Steinberg, S. (2019, October 13). Cyberattacks now cost companies $200,000 on average, putting many out of business. Retrieved 27 June 2020, from https://www.cnbc.com/2019/10/13/cyberattacks-cost-small-companies-200k-putting-many-out-of-business.html.
Turner, S. (2020, January 3). 2020 Data Breaches - The worst breaches of the year. Retrieved 27 June 2020, from https://www.identityforce.com/blog/2020-data-breaches.