T-Mobile Breaches 17 Million
Laptop Security Blog T-Mobile Breaches 17 Million
October 17th, 2008
Author: arieanna
Who Breached: Deutsche Telekom’s T-Mobile
Number Affected: 17 million
Information breached: Social Security Numbers
How: laptop
T-Mobile, subsidiary of Deutsche Telekom, has issued notice that a major data breach from 2006, affecting 17 million customers, has resurfaced as an issue. The information included names, addresses and phone numbers. No banking details were lost.
The data loss occurred in 2006, but details of the breach event became public on October 4th, 2008 in this statement. The company published this report publicly after a German news magazine reported that the data was up for sale on the Internet.
Deutsche Telekom says that a data storage medium with records for 17 million people was found, and that there was no record of unauthorized use of the data. However, the German news magazine found the data online for sale. The data includes home address and unlisted phone numbers for celebrities, business leaders, government ministers and more.
Here is an excerpt from Duetsche Telekom’s response:
In spring 2006, Deutsche Telekom immediately reported the theft to the responsible public prosecutors’ office. Within the scope of their investigations, the public prosecutors’ office was able to recover storage media. Extensive research conducted over several months on the Internet and in data trading places could not reveal any clues indicating that the data had been offered or disseminated on the black market. Owing to this, Deutsche Telekom assumed that there would be no dissemination of the data. However, Der Spiegel was apparently able to access the data in question via third parties.
The company expresses concern that the breach incident is relevant once again, being previously under the assumption that the matter had been closed. They “regret to say that [they] have not been able to protect… customer data in line with [their] standards.”
Deutsche Telekom says that security measures have been significantly tightened since 2006. These measures include: complex passwords, access authorization, and access monitoring, among other measures. They have set up a FAQ on the data breach here.
Other recent notable data breaches:
- University of North Dakota – Stolen Laptop, 84,554 affected [more]
- University of Indianapolis – Hacker, 11,000 affected [more]
- The Whittington Hospital NHS Trust – lost CDs, 17,990 affected [more]
- CCN – hacker, 98,930 affected [more]
Via datalossdb.org, vnunet, NY Times
Category: Data Breach, Real Theft Reports, Security Breach | 
1 Comment »
These data breaches and thefts are due to a lagging business culture. As CIO, I’m always looking for ways to help my team, business teams, and ad hoc measures of various vendors, contractors and internal team members. A book that is required reading (specific chapters, depending on nature of projects) is “I.T. Wars: Managing the Business-Technology Weave in the New Millennium.” It has a great chapter regarding security (among others).
We keep a few copies kicking around – it would be a bit much to expect outside agencies to purchase it on our say-so. But, particularly when entertaining bids for projects, we ask potential solutions partners to review relevant parts of the book, and it ensures that these agencies understand our values and practices.
The author, David Scott, has an interview here that is a great exposure: http://businessforum.com/DScott_02.html
The book came to us as a tip from one of our interns who attended a course at University of Wisconsin, where the book is in use; I like to pass along things that work, in the hope that good ideas continue to make their way to me. I hope you can make use of this info…