T-Mobile USA says it has found no evidence of a security breach, contradicting hackers’ claims to have accessed the company’s servers, compromising vital information.
T-Mobile said it was conducting an investigation into the matter and "found no evidence that customer information, or other company information, has been compromised.” However, the company said it was taking precautionary measures to protect its systems and customer information.
On Saturday, hackers posted a long list of T-Mobile server names on the Web site insecure.org, claiming “we have everything, their databases, confidential documents, scripts and programs from their servers, financial documents up to 2009.” The hackers claimed T-Mobile’s competitors weren’t interested in buying the data and it was now being offered to the highest bidder.
Although T-Mobile could not be reached for comment about the veracity of server names by press time, the company previously said it had identified the document from which information was copied, and believed “possession of this alone is not enough to cause harm to our customers.”
Although the string of code appears to be from an old system, Mike Logan, president of data security and consulting firm Axis Technology, said the break-in is a “wake-up call” for carriers, stressing that T-Mobile is not the only carrier at risk for security breaches.
“Details are emerging that suggest the breach was made possible by insecure legacy systems,” Logan said in a statement. “Many companies, especially carriers and telcos, have multiple types of legacy systems that are difficult to secure. Companies feel that they are safe if they upgrade and secure some new areas, but it’s okay to leave the others ‘as is.’ Since data is ‘at rest’ on most of these systems, they figure it's not a target for thieves. Not true.”
Logan said that sensitive information such as social security numbers and birth dates carried in some legacy systems is a prime target for thieves. “[While] thieves are no longer stealing data to use it for themselves, they're selling it to organized crime rings. At a dollar a record multiplied by a million plus records, that's quite the payday for a thief,” Logan said.