T-Mobile Insider Hack Compromises 1.5 Million Customers’ Data

Another day, another breach. While nothing tends to surprise any longer in the realm of cybersecurity, this particular story stands out, for being an insider hack caused by a rogue employee at T-Mobile.

A news report by local media in the Czech Republic has revealed that a T-Mobile employee gained access to a database containing some 1.5 million customer records.

The staffer then attempted to sell the database, although the number of records that contain names, email addresses and personal information are yet unknown. Notably, T-Mobile insists that the database did not contain any login credentials embedded within the accounts, insisting that it was marketing-related data.

T-Mobile confirmed the hack in a media release, revealing that an employee had attempted to steal and sell the customer data. The employee was a member of a “small team that normally worked with customer data,” T-Mobile added.

When suspicions arose, the company sought the Police of the Czech Republic. The investigation is currently pending and hence T-Mobile isn’t revealing any specific information pertaining to the breach, yet.

“The database did not contain any user credentials, nor any location or traffic data that could compromise a user’s privacy,” the telecom giant stated. It further added:

The only risk to our customers could theoretically be exposed is that they might potentially be approached with unsolicited marketing offers.

The company deemed the incident as the failure of an individual, rather than one to be pinned on the system or be seen as procedural failure.

The employee in question has had his or her employment with T-Mobile terminated immediately, before the police began the investigation.

The telecom provider’s “robust security mechanisms” helped ensure and reinforce the database’s security with a prompt response as soon as red flags were raised, T-Mobile insisted.

Milan Vašina, T-Mobile Czech Republic’s managing director said in a statement:

I would like to reassure our customers that there was no actual data leak and that their data are safe. The trust and security of our customers are of key priority for us.

Although we found no system failure during a thorough check, we will check the whole system again and consider the introduction of other precautionary measures if necessary.