Data Security Makes Headlines Again, For All The Wrong Reasons

IT experts got a wake-up call following T-Mobile’s whopping $350 million data breach.


A Personal Experience

July 21st, 2022, 12:30 pm ET: I receive a text message from an unknown number saying, “Hi Mike, this is Todd, I am not sure if you remember me, but I recall exchanging numbers not so long ago. Here is the link to the Nike Store discount we discussed.” Todd then proceeds to send the link.

At first, I was very confused, thinking, “I don’t know a Todd! Who is this character?!” However, I can’t lie, I was very intrigued by the offer, but the Security Consultant in me smelled the danger and I immediately blocked and deleted the number. Luckily, my confusion did not last very long.

July 22nd, 2022, 7 pm ET: The next day I received an alert on my phone informing me that my provider, T-Mobile, had experienced a data breach that exposed the contact information of over 76 million customers, making it one of the biggest hacks in U.S. history. And that, of course, must have included me. I hope you did not share my experience.

And this isn’t the first big name to grab headlines for the wrong reasons either; I mean, just google it (don’t worry, we got you, here is a list: Biggest Data Breaches of 2022).

The Writing was on the Wall…

One notable technology journal documenting T-Mobile’s missteps noted that, among many allegations, T-Mobile did not take necessary precautions to protect company data and did not rely on industry standards. This would, of course, lead to their detriment: T-Mobile’s servers were said to be inadequately set up to protect against brute force attacks! If you are new to cybersecurity terminology, a brute force attack could be confused with something more physical, like bypassing physical access restrictions using techniques only seen in movies. In which case, you aren’t on the guest list, so beat it, pal! However, a brute force attack is when a threat actor remotely floods the system with passwords and phrases, hoping to guess the correct login credentials. And in this attempt, the actor was successful due to exploitable security controls within T-Mobile that allowed unauthorized access to millions of customers’ data. This news has no doubt put a brighter spotlight on data security, as the press clippings for T-Mobile are downbeat, to say the least.

… And QoS is Here to Help you Read in Between the Lines

The key takeaway here really lies in the fine print of this story. The buzzword is industry standards, or the lack thereof. Performing readiness assessments for these standards is paramount! Examples of frameworks and standards are CMMC, PCI-DSS, NIST, FedRAMP, ISO, Sarbanes-Oxley (SOX), SOC, and many more. Most of the regulatory requirements are accessible online, and consultants at QoS are here to help you make sense of it all.

Here is another story that should help raise awareness of the importance of appropriate security practices. Put yourself in the shoes of a brand-new home buyer. The boxes have been unpacked, maybe the lawn needed a fresh cut, and you’re finally settled. Upon looking around, you come to realize, “Wow, we have a lot of valuable items in this house.” It could be your jewelry, work laptops, or that vintage one-of-a-kind Flutie Flakes cereal box you’ve been holding on to since the ’90s, hoping for it to explode in value. Was the last one a stretch? Mmhh, perhaps, but anyway, the point is, there are a lot of things in your house you care about, and there are plenty of unsecured entry points, like doors and windows, that you may not be readily equipped to protect. And no, the 4-iron by the door you used last weekend to shank a couple of balls into a pond will not suffice here (that’s a joke, it’s me who is shanking all those balls… I really need to work on my game). A common solution for new home buyers is to hire a physical security company to come in, assess the environment, and apply their industry’s best practices to your home to reduce the risk of a break-in.

Seeking experts to protect your business should come from the same frame of mind as seeking them to protect your home. Is the writing on the wall clearer now?

QoS understands how data breaches, exfiltration, and cyber-attacks can disclose our customers’ private data, which can cripple an organization through extensive response and recovery resources and costs, reputation damage, and litigation. If comprehensive data security is your goal, do not wait; reach out to us today.

For more information, speak with a QoS consultant today at sales@qosconsultingsolutions.com, or reach out through the contact form on our website, https://www.qosconsultingsolutions.com.