Wednesday, January 12, 2005

Incident(s): Hacker breaches T-Mobile systems, reads US Secret Service email

The Register (via Privacy Digest) is reporting on a staggering breach of security at a US wireless service provider. A hacker apparently had unencumbered access for at least a year to T-Mobile's systems, incuding US Secret Service e-mails, text messages, celebrity phonecam snaps and other sensitive personal information.

Hacker breaches T-Mobile systems, reads US Secret Service email The Register:

"A sophisticated computer hacker had access to servers at wireless giant T-Mobile for at least a year, which he used to monitor US Secret Service email, obtain customers' passwords and Social Security numbers, and download candid photos taken by Sidekick users, including Hollywood celebrities, SecurityFocus has learned.

Twenty-one year-old Nicolas Jacobsen was quietly charged with the intrusions last October, after a Secret Service informant helped investigators link him to sensitive agency documents that were circulating in underground IRC chat rooms. The informant also produced evidence that Jacobsen was behind an offer to provide T-Mobile customers' personal information to identity thieves through an Internet bulletin board, according to court records.

Jacobsen could access information on any of the Bellevue, Washington-based company's 16.3 million customers, including many customers' Social Security numbers and dates of birth, according to government filings in the case. He could also obtain voicemail PINs, and the passwords providing customers with web access to their T-Mobile email accounts. He did not have access to credit card numbers.

...

T-Mobile, which apparently knew of the intrusions by July of last year, has not issued any public warning. Under California's anti-identity theft law "SB1386," the company is obliged to notify any California customers of a security breach in which their personally identifiable information is "reasonably believed to have been" compromised. That notification must be made in "the most expedient time possible and without unreasonable delay," but may be postponed if a law enforcement agency determines that the disclosure would compromise an investigation.

Company spokesman Peter Dobrow said Tuesday that nobody at T-Mobile was available to comment on the matter...."

Read the full article ... it's scary reading.

Update: The Associated Press is now carrying this story: Hacker Breaks Into T-Mobile Network:

"WASHINGTON - A hacker broke into a wireless carrier's network over at least seven months and read e-mails and personal computer files of hundreds of customers, including the Secret Service agent investigating the hacker, the government said Wednesday... "

No comments:

Post a Comment