TMobile logo.jpeg

> 50 million current, former, and potential T-Mobile and Metro Network customers are affected.

> Data for sale on the dark web includes customer names, birthdays, and social security numbers. 

> T-Mobile has apologized for the breach and is already facing class-action lawsuits, claiming the company didn't properly protect customer data. 

T-Mobile says no account numbers or passwords were stolen. But because of the risk of identity theft, customers are advised to change their T-Mobile and Metro password and PIN numbers.

The company is also offering two years of identity theft protection to those affected. 

Bloomberg says a 21-year old Virginia man, now living in Turkey, has claimed responsibility for the breach, saying he wanted to demonstrate the company's lax security practices. 

The asking price for 30 million names and social security numbers is around $270,000.

What to do if you're a victim

Click on the thumbnail image to download and print this PDF about steps to take if your personal info is stolen in a breach.

NTSC _ What to do next.001.jpeg

News story sources: CSO Online, Bloomberg, CNet, WSJ, ZDNet

Cell tower September 1.jpg
Big Breach of 2021 red.png
NTSC 300dpi.png
Cybersecurity News bl.png
from the NTSC Cybersecurity Team
Keeping you safer as you work online
Cybersecurity Headlines.png
Sept 1 news logos v2.jpg

> The FCC is proposing its largest-ever penalty against robocalls. The fine of over $5 million is against political strategists J.K. Burkman & Associates, who admitted placing thousands of automated calls to wireless phones. NBC News says the messages claimed police and credit card companies would gain access to voters’ personal information if they cast ballots by mail last fall.

 

> CNA Insurance has disclosed it suffered a ransomware attack earlier this year, exposing social security numbers and healthcare benefits of over 73,000 people. CNA is notifying those affected and offering free credit monitoring.

> Swiping credit and debit cards through a card reader to make a purchase is on the way out. Mastercard says it will phase out magnetic stripes on the back of its cards in favor of cards that use a chip. BankInfoSecurity says the changeover, which dramatically cuts fraud, will take 10 years to complete.

 

VPN icon 3.png
And do I need to be safe 2 wh.png
What is a VPN wh 2.png

Many readers have questions about "VPNs," short for "virtual private networks," and whether adding VPN software to their computers, tablets, and smartphones will protect them from spies and hackers on their home computer networks. Check out this video to learn more. 

NTSC 300dpi.png

This twice-monthly employee cybersecurity newsletter from Aware Force is available to members of NTSC completely branded for your organization,  

Each edition includes a mix of snackable videos, quizzes, phishing exercises, cyber news and more. Contact cutrisk@awareforce.com for more information. 

One more thing.png
Answers readers cybersecurity questions.png

"I recently received what I think was a phishing email that appeared to be from my own email address. I was concerned that they may have hacked my email account, but I have not seen or experienced anything else that would suggest that my email is compromised."

The fraudster may simply be spoofing your email address, which is easy for them to do. The address that appears between the "<" and ">" in the suspicious email is where it actually came from. Look through your "Sent" email folder for emails you didn't send. If you find any, change the password to your email account right away, and if you use the same password for any other accounts, change those passwords, too. 

"How secure are healthcare portals for people and for animals. I'm under a lot of pressure from MDs and vets to communicate with them this way and to date I've refused."

You're right to ask. Even big healthcare firms like Anthem Blue Cross Blue Shield have been hacked. Your health records are of great value to hackers because, unlike credit card numbers, your health history won't change over time. So choose long, hard-to-guess passwords to access these important accounts. Never reuse passwords on other portals. But, let's face it, communication about health care is migrating online. At least they're required by the FTC to inform you immediately if their portals get hacked.

"I think I’ve had a fraudulent email from PayPal. How do I know if this is real or not?"

One way is to go to your web browser, type "paypal.com" into the address bar, log in to your account and see if you see any similar messages. If not, the email is fake. 

Sources: FTC, Donnellan McCarthy, LifeWire, CSO Online, Microsoft, PBS

Do you have a cybersecurity question?

Aware Force Cybersecurity News • September 2021 a • Edition #127

Cartoon © 2021 cartoonstock.com

Masthead video by Manish Kumar Patanwar

Aware Force A.gif

Original content © 2021 Aware Force LLC

Aware Force is a registered trademark