T-Mobile maintained that the data posted to the Full Disclosure Web site Saturday indeed belonged to the company, but said claims that hackers took customer or corporate data were false.
"The document in question has been determined to be a T-Mobile document, though there is no customer information contained in the document," the company said in a statement. "There is no evidence to indicate that the T-Mobile security system was hacked into nor any evidence of a breach."
On Saturday, hackers posted what appeared to be network scans while claiming that they had broken into a T-Mobile database that gave them access to untold numbers of customer accounts and sensitive corporate data.
"We have everything, their databases, confidential documents, scripts and programs from their servers, financial documents up to 2009," the hackers said in an e-mail. However, attempts to contact the hackers at the address in their e-mail -- pwnmobile@safe-mail.net -- resulted in a mail system delivery failure notice.
The hackers wrote in the posting that they had attempted to sell the data to the company's competitors but were thwarted when they received no response. The hackers then said that the information would be sold to the highest bidder.
In a statement issued Monday, T-Mobile said that it was continuing to investigate the alleged hack, while maintaining that "the possession of this [posted file log data] alone is not enough to cause harm to our customers."
Despite the fact that the hackers' allegations appear to be false, security experts say that often, major telecom carriers such as T-Mobile suffer data breaches, as they rely on antiquated legacy systems that are difficult to secure.
Mike Logan, president of data security and IT consulting company Axis Technology, said that frequently, enterprise companies feel they are safe if they upgrade and secure some new areas, but leave others alone, believing that at-rest data is not a target for cybercriminals.
One possible solution would be for companies to "mask" sensitive data with fictitious or "fake" information, Logan said.
"If data is stolen, masked data is useless to a thief because it is out of context with no way to utilize it outside of the environment," Logan said via e-mail. "So for example, if someone hacks into a database, loses a laptop or loses a box of printouts, the data is entirely safe, and unlike with encryption, the missing data does not need to be reported."
Meanwhile, Logan added that enterprise companies will continue to face increased extortion or ransom attempts.
"Thieves seem to be weighing two things -- the value of individual records to organized crime rings, which have been known to purchase records at a dollar apiece. In large volumes, that's a major payday," Logan said. "On the other hand, what is it worth to the organization who experienced the loss to prevent that from happening?"
- Juniper Honors 12 Americas Partners
- Facebook And Four More Web Sites We Love To Hate
- Cisco Honors Top Partners During 2010 Partner Summit
- HP Salutes Top Partners At APC 2010 Award Show
- Upclose And Personal With AMD And friends
- Will Oracle's Phillips' Affair Revelation Be A Distraction?
- Apple, Microsoft Unlikely Allies Against Google
- HP-Microsoft Cloud Partnership Needs To Show Us The Goods
- Blog: It's Time For A Cybercrime Public Service Announcement
- Nortel Sell-Off Continues: Ethernet Business To Ciena?
- Want To Deploy Exchange 2007 SP2 In A Server 2008 R2 Domain? Sorry
- Apple Improves iTunes 9 With Syncing, Visual Enhancements
- Oracle Ad Refutes Sun Hardware Fears
- U.S. Copyright Chief Rips Google Book Deal In Testimony
- Apple Slashes iPod Price Tags
- Price Is Right? Asus To Launch Low-Cost E-Reader
- Microsoft Xbox 360 Consoles Fail More Often Than Wii, PS3
- Privacy Group To Congress: Stop Online Advertisers In Their Tracks
- Microsoft, Intel Tout Their Collaboration On Windows 7
- Tech Data Adds Integration Services With New Center
| • |
| • |
| • |
| • |
| • |
| • |
| • |
|
|
