Reports are in that T-Mobile, the ever popular US communications firm has recently became victim to the theft of highly sensitive data on operations, customers and also financial records.  According to postings on the internet, this information has already made its way to the underground auctions where it awaits the highest bidder.

T-Mobile has recently confirmed that they were the subject of attack, but they have denied any sensitive information has been stolen.  Three days after the attacks, T-mobile released a statement to the press in response to a channel insider inquiry stating that “protection of our customers’ information and the security of our systems is paramount at T-Mobile.” T-Mobile went on to admit that ‘a document’ had been stolen and that an investigation is underway.

The hackers are yet to substantiate their claims with anything other than the list of ‘servers’ which T-Mobile has already admitted to losing.  Perhaps the attacks never took place, or perhaps T-Mobile is deliberately keeping quiet?

T-mobile does not have the best reputation when you look at their track record. In 2005, it emerged that they were the subject of another massive attack, in which a hacker managed to access the sensitive information of T-Mobile’s full subscriber base of over 16 million customers.

As security analysts and encryption experts, we have to ask the question about both attacks: – Why does T-Mobile not adopt more rigorous multi-layer security?  Is encryption not at the heart of their policies?  After all, if they followed an appropriately multi-layered security policy, they would be able to mitigate the risks of any data theft.

We live in an age where there is a constant battle of competition going on amongst hackers.  Corporations are the victims, and many are literally blind to the risks, until they find out someone has just stolen the information of 16 million customers.   That is a lot of credit cards…

Reports have recently surfaced that the US National Archives recently lost over a terabyte of personal information on an unencrypted hard disk drive. This information is said to have contained highly sensitive details such as social security numbers, personal addresses and also highly classified procedural data regarding White house and secret service operations.

Reportedly, this disk went missing some time ago during building renovations and the FBI is apparently only now conducting a criminal investigation, even though reports state that the drive went missing over 5 month period.
This could essentially make it impossible to track down the source of the loss, and it also begs the question to be asked – “Why did it take so long to notice?”

Statistically speaking, a one terabyte hard drive could contain information on over half a million citizens and for security reasons; the National Archives are not being fully transparent as to the full details of this loss.
This is just another example of how governments continue to fail with nonsensical approach to data security. The fact at the matter is that the Information security professionals responsible for the US national archives should be held partially responsible for this loss.

Security experts have publically deplored the loss stating that there is no reason why a government department such as the National Archives should not have rugged security policy. The above-mentioned breach is illustrative of something a small company may suffer from, but given the sensitivity of the data on this device, some level of disk encryption should have been used as a precautionary measure.

This is just an example of how there is very little in the way of laws to protect sensitive data. Whilst the government managed to lose 1TB this time, it is not the first time that data has been lost or stolen.

It will also not be the last.