By Martin H. Bosworth
ConsumerAffairs.Com
June 9, 2009
After an unknown individual publicly posted what they claimed were sensitive records belonging to telecom provider T-Mobile, the company confirmed that it had been hacked, but that the information was not sensitive or endangering of customer privacy.
The alleged culprit posted records to Full Disclosure, a mailing list for security professionals, on June 6. "We have everything, their databases, confidental documents, scripts and programs from their servers, financial documents up to 2009." The post was accompanied with a list of records.
"We already contacted with their competitors and they didn't show interest in buying their data -probably because the mails got to the wrong people- so now we are offering them for the highest bidder," the author added.
T-Mobile issued several statements after the breach, all of which downplayed the alleged hack as not threatening to customers' information. On Tuesday, they said "[t]he company is conducting a thorough investigation and at this time has found no evidence that customer information, or other company information, has been compromised. Reports to the contrary are inaccurate and should be corrected."
The company would not disclose what the mysterious records were, though some theorize the information relates to internal audits. Brian Krebs, author of the Washington Post's "Security Fix" blog, warned against taking anything said on the "Full Disclosure" list as truth without more verification.
"The Full Disclosure mailing list often contains some real gems of timely information, but the list also is known to have a rather low signal-to-noise ratio," Krebs said.
The economic stimulus package contained provisions updating federal data breach law to mandate disclosure to law enforcement and the public — but not at the same time — if the breach was of significant size, and the data was unprotected. Under the law, T-Mobile would have to notify their customers of a breach, but not until after law enforcement is notified and investigates.
