On Saturday, August 21, 2021, TMobile revised their number of customers affected by the recent attack was an addition five million, bringing the total to over 50 million people.
Names, drivers licenses, birth dates, addresses, and social security numbers were among the data stolen in a “highly sophisticated cyberattack”.
The company now faces a class-action lawsuit due to the breach.
This is at least the fourth known hack since 2015 on TMobile. A seller on an underground forum offered six BTC for all the data, which is how the company was made aware of the infiltration.
Does TMobile suffer from a bad organizational structure, the wrong people in security, lack of investment in security, all of the above? Countless other firms will remain wounded sheep so long as the legal and regulatory environment does not incentivize security understanding and investment.