In the 21st century business world, data breaches are a serious threat to any organization. Losing your company’s files can mean dealing with lost money, damaged IT infrastructure, disrupted workflow and more—there are all sorts of ways that a cybersecurity event can impact a company. Another key consideration is salvaging one’s reputation and retaining customers, which in some cases can be especially difficult. For example: ZDNet Security reports that T-Mobile is dealing with a major scandal in the wake of a hacker’s theft of personal data from 2 million of their customers.
Company staff members reportedly detected an unauthorized entry into the company’s network on Aug. 20, 2018. They managed to rapidly shut down the intrusion, but they weren’t able to keep the hackers from stealing many customers’ names, zip codes, phone numbers, email addresses, and account numbers. The company didn’t reveal much about who might have been behind the intrusion, but they did volunteer that they thought the threat actors were “international.”
“Our cybersecurity team discovered and shut down an unauthorized access to certain information, including yours, and we promptly reported it to authorities,” T-Mobile told millions of customers in a statement. “None of your financial data (including credit card information) or social security numbers were involved, and no passwords were compromised.”
Often, a major part of the challenge a company faces after a data breach is not the technological aspect, but the PR angle. It’s largely about damage control. This is especially the case at T-Mobile, where the company’s cybersecurity strategy has already been scrutinized a great deal this year. In May of 2018, the company made headlines because of a bug that allowed anyone to access a customer’s personal data using only a phone number; now, the telecom business is under fire again.
The truth is that even for highly sophisticated, technologically advanced companies, preventing all data breaches is probably a lost cause. What companies can do, however, is prevent as many incidents as possible, and when one does happen anyway, manage the situation as well as possible after the fact. That’s what T-Mobile is trying to do.
“We take the security of your information very seriously and have a number of safeguards in place to protect your personal information from unauthorized access,” the company said in a statement. “We truly regret that this incident occurred and are so sorry for any inconvenience this has caused you.”
Photo by Michael Candelori / Shutterstock.com