In two separate incidents, two mainstream telecom firms namely Virgin Media, UK and Ireland’s leading cable operator, and T-Mobile, a subsidiary of the German firm Deutsche Telekom AG, have become victims of targeted cyberattacks.
According to a press release by Virgin Media, the company experienced a data breach at least once due to an unsecure and misconfigured marketing database, which led to the exposure of around 900,000 customers.
On the other hand, T-Mobile, published two different data breach notifications [1 % 2] (one addressing those who had their financial data impacted and second for did not). The company revealed that the data breach was caused because one of its email vendors got hacked, possibly leading to exposure of private and financial data of its customers.
Virgin Media data breach
Virgin Media claims to have initiated an investigation to find out the origin and causes of a data breach. The company claims that it noticed cyberattack on February 28, 2020, and believes that the hacker was probably accessing the database since April 19, 2019. So far, the company has no idea about the extent to which the data was accessed and what kind of information was used.
In the company’s press release Virgin Media CEO Lutz Schüler stated that they immediately shut down the access points of the said database that contained private details of 15% of its customers including fixed-line customers (900,000 approx.).
However, Schüler clarified that the database didn’t include financial data such as credit card information and/or bank account number or login credentials/passwords. But it did contain personal details like name, phone number, date of birth, email address and residential address. But, it cannot be stated that all of the information got revealed.
T-Mobile data breach
T-Mobile has sent messages to customers regarding the data breach. In the notices T-Mobile sent to the affected customers, it is stated that the hacker gained access to the email accounts of T-Mobile employees through hacking its email vendor. Some of the accounts contained sensitive personal data including Social Security Numbers, government ID numbers, financial data, rate plans, and billing information.
The company is offering a two-year subscription to online credit monitoring service myTrueIdentity free-of-charges to those who got their financial information exposed, while those who didn’t will not be getting any favors.
Whether you are using Virgin Media or T-Mobile, we strongly recommend that you change your password on all your accounts if you use the same password to access different services, and keep inspecting your credit card bill. Also, beware of emails and text messages from unknown and unidentified senders to stay protected from phishing scams.
Not for the first time
This, however, is not the first time when Virgin Media and T-Mobile have suffered a data breach. In June 2017, a third-party IT security firm informed Virgin Media that its 800,000 Hub 2 router users were exposed to cyber attacks. This forced the company to issue a password reset warning.
As for T-Mobile, the telecom giant is not new to data breaches. In August 2017, the company suffered a massive hacking incident in which personal data of over 2 million customers was stolen while last year in November, hackers accessed personal information of T-Mobile’s prepaid wireless customers ranging from names, phone numbers, along with their account information such as billing details.