T-Mobile investigates possible security breach

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://news.cnet.com/8301-1009_3-10259487-83.html

By Marguerite Reardon
Security
CNet News
June 8, 2009

T-Mobile USA is looking into claims that a hacker has broken into its data 
bases and stolen customer and company information.

Someone anonymously posted the claims on the security mailing list Full 
Disclosure on Saturday. In that post, the hacker claims to have gotten 
access to "everything, their databases, confidential documents, scripts 
and programs from their servers, financial documents up to 2009."

The poster said he had offered the information to T-Mobile competitors, 
but they supposedly didn't show any interest. Now he says he is offering 
the information to the highest bidder.

T-Mobile issued a statement that the company is looking into the matter.

"The protection of our customers' information, and the safety and security 
of our systems, is absolutely paramount at T-Mobile," the company said. 
"Regarding the recent claim, we are fully investigating the matter. As is 
our standard practice, if there is any evidence that customer information 
has been compromised, we would inform those affected as soon as possible."

Some security experts were skeptical of the claims.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php