T-Mobile Hit by Insider Breach; Staffer Steals Over 1.5 Million Customer Records
Following the high-profile data breaches of LinkedIn, Tumblr and MySpace, T-Mobile is the latest victim. However, this time it's not the Russian hacker who has sold over hundreds of millions of account details en masse in the last two months. T-Mobile has been hit by one of its own - an employee.
T-Mobile employee steals and sells consumer data
One of the T-Mobile staffers has managed to steal over 1.5 million customer records, trying to sell the data for profit. The incident happened at T-Mobile Czech Republic, where a member of a "small team that normally worked with customer data," apparently having access to over 1.5 million customer records attempted to steal and subsequently sell the data. The carrier hasn't shared any more details due to an ongoing police investigation. But, the company did say that the records didn't contain location, traffic, and any other sensitive information "such as passwords."
The company has assured its customers that the stolen database didn't contain any sensitive information, as the database was of "marketing nature." In a statement, Milan Vasina, Managing Director at the T-Mobile Czech Republic said the "data are safe:"
This is a case of a failure of an individual and not a system or procedural failure. Thanks to our robust security mechanisms, we were able to respond immediately and secure the database, which had a purely marketing nature; it did not contain any location or traffic data or sensitive data such as passwords.
We would also like to rebut speculation that the data leak was connected with the signal failure on 19 April. These two incidents are completely unrelated; from a technological perspective, such connection is absolutely excluded.
The local media has reported that this is the largest known breach ever happened in the Czech Republic. Czech Police's Unit for Combating Organized Crime is investigating the breach. T-Mobile has said that its clients won't be exposed to any security risks, except for potentially being "approached with unsolicited marketing offers." So, be ready for some more scam in your emails.