Three different cybercriminal organizations claim to have infiltrated T-Mobile in more than 100 separate incidents throughout 2022.

How it Happened

In the most recent attack lasting through January 2023, hackers phished T-Mobile employees for access to internal company systems to gain access to customers’ data. The cybercriminals were able to divert any T-Mobile user’s text messages and phone calls to another device, known as “SIM-swapping.” SIM swapping involves temporarily seizing the control over a target’s mobile phone number. To complete this, the hacker needs the customer’s phone number and the serial number tied to the new SIM card used to receive text messages and phone calls from the hijacked phone number. A SIM swap against T-Mobile customers can fetch a price tag of up to $1,500 per account.You may be asking yourself, how are these hackers gaining access to T-Mobile at this frequency? The hackers employ a group of people dubbed “callers,” to trick T-Mobile employees by posing as the company’s IT department. From there, they get the employee to visit a phishing website that mimics the company’s employee login page. Once the employee logs in, they steal their credentials. Some people view these crimes as “low tech,” but in actuality these scams are very complex and have a lot of moving parts to ensure they get in and out without being detected. Countless websites and online services use SMS text messages for both password resets and multi-factor authentication. This means stealing someone’s phone number often can let cybercriminals hijack the target’s entire digital life very quickly.As of 2022, T-Mobile reported revenues of $80 billion and 71,000 employees. Over the last five years, T-Mobile has experienced multiple breaches of customer data. In July 2022, T-Mobile agreed to pay customers $350 million from a class action lawsuit after the company disclosed in August 2021 that personal data including Social Security numbers and driver's license info had been stolen. Nearly 80 million U.S. residents were affected by this breach. At the same time, T-Mobile announced they would be investing $150 million through 2023 to fortify its data security and other technologies. Prior to the August 2021 intrusion, the company disclosed breaches in January 2021, November 2019 and August 2018 in which customer information was accessed.

What You Can Learn From T-Mobile

Any business, regardless of size, has the possibility to be hacked through these same tactics. To make sure your employees do not fall victim to “callers,” establishing a security-centric culture is one way to make sure they have the tools and knowledge needed to not unknowingly give away company data. A quality cybersecurity culture includes:

• Mandatory ongoing training on the various topics of cybersecurity
• Defined protocols and policies
• Leadership involvement
• Educating employees on how their roles and responsibilities relate to cybersecurity
• Understanding and standing behind security investments
• Assess the program’s progress and adjust as you go

Another way to protect yourself is to have a cybersecurity assessment performed. By conducting a formal cybersecurity assessment, you can understand the risks related to your hardware and software, run fake phishing scams on unexpecting employees, identify any potential vulnerabilities and implement internal controls and other protective measures to reduce risk. The value of a cybersecurity assessment comes from gaining an understanding of where your security gaps are, next steps that need to be taken, identifying who needs to be involved in your cybersecurity measures and how to make informed investments. It is more important than ever to ensure your organization is prepared to identify potential threats early on and reduce your security exposure to heightened risks. As seen through the T-Mobile breach, this can be happening without your knowledge. No matter the current status of your cybersecurity program, Doeren Mayhew’s IT Advisory and Security team can guide you through understanding your security position, offer solutions to keep you protected and implement strategies to combat attacks, positioning your organization to turn risks into opportunities. For more information about our cybersecurity service provider offerings, contact us today.