Attacks/Breaches
10/6/2008
01:28 PM
50%
50%

T-Mobile Lost 17 Million Subscribers' Personal Data

The wireless carrier said the stolen data includes the names, cell phone numbers, addresses, and birth dates of German subscribers.

Deutsche Telekom said it lost personal data for about 17 million T-Mobile Germany customers in the spring of 2006.

Thieves got their hands on a storage device with the data, which included the names, addresses, cell phone numbers, and some birth dates and e-mail addresses for high-profile German citizens. The company said the records did not contain bank details, credit card numbers, or call data.

T-Mobile Germany said it reported the data breach to prosecutors in 2006, and that there was no evidence that the data had been misused by unauthorized parties. But the issue came to light when German magazine Der Spiegel said it was recently able to access customer information through a third party.

"We are very concerned by the fact that the incident from 2006 is relevant once again. Until now, we were under the assumption that the data in question had been recovered completely as part of the investigations of the public prosecutors' office and were safe," said Philipp Humm, managing director of T-Mobile Germany, in a statement. "Notwithstanding the fact that the culprits have been at work with a tremendous criminal potential, we earnestly regret to say that we have not been able to protect our customer data in line with our standards."

T-Mobile Germany said it has taken multiple steps to shore up its security since the breach, including tighter restrictions on who has access to information, more complex passwords, and increased monitoring of security systems. Subscribers are encouraged to call a toll-free hot line if they're concerned that their information has been compromised.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-4293
Published: 2015-07-30
The packet-reassembly implementation in Cisco IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (CPU consumption or packet loss) via fragmented (1) IPv4 or (2) IPv6 packets that trigger ATTN-3-SYNC_TIMEOUT errors after reassembly failures, aka Bug ID CSCuo37957.

CVE-2014-7912
Published: 2015-07-29
The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in dhcpcd 5.x in Android before 5.1 and other products, does not validate the relationship between length fields and the amount of data, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory c...

CVE-2014-7913
Published: 2015-07-29
The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corru...

CVE-2015-2977
Published: 2015-07-29
Webservice-DIC yoyaku_v41 allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via unspecified vectors.

CVE-2015-2978
Published: 2015-07-29
Webservice-DIC yoyaku_v41 allows remote attackers to bypass authentication and complete a conference-room reservation via unspecified vectors, as demonstrated by an "unintentional reservation."

Dark Reading Radio
Archived Dark Reading Radio
What’s the future of the venerable firewall? We’ve invited two security industry leaders to make their case: Join us and bring your questions and opinions!