
Reports are in that T-Mobile, the ever-popular US communications firm, has recently become the victim of a theft of highly sensitive data on operations, customers and financial records. According to postings on the internet, this information has already made its way to underground auctions, where it awaits the highest bidder.
T-Mobile has recently confirmed that it was the subject of an attack, but it has denied that any sensitive information was stolen. Three days after the attacks, T-Mobile released a statement to the press in response to a channel insider inquiry, stating that “protection of our customers’ information and the security of our systems is paramount at T-Mobile.” T-Mobile went on to admit that ‘a document’ had been stolen and that an investigation is underway.
The hackers have yet to substantiate their claims with anything other than the list of ‘servers’ which T-Mobile has already admitted to losing. Perhaps the attacks never took place, or perhaps T-Mobile is deliberately keeping quiet?
T-Mobile does not have the best reputation when you look at its track record. In 2005, it emerged that the company had been the subject of another massive attack, in which a hacker managed to access the sensitive information of T-Mobile’s full subscriber base of over 16 million customers.
As security analysts and encryption experts, we have to ask the question about both attacks: why does T-Mobile not adopt more rigorous multi-layer security? Is encryption not at the heart of its policies? After all, if it followed an appropriately multi-layered security policy, it would be able to mitigate the risks of any data theft.
We live in an age of constant competition amongst hackers. Corporations are the victims, and many are literally blind to the risks until they find out someone has just stolen the information of 16 million customers. That is a lot of credit cards…