BrianKrebs on Nostr: Some possible good news for a change: T-Mobile settled with The Federal ...
Some possible good news for a change: T-Mobile settled with The Federal Communications Commission (FCC) and agreed to pay a paltry $31.5 million over multiple data breaches that compromised the personal info of millions of US consumers.
But that's not the good news: Under the settlement, T-Mobile has agreed to require multifactor authentication for their bajillion employees.
https://www.bleepingcomputer.com/news/security/t-mobile-pays-315-million-fcc-settlement-over-4-data-breaches/
We'll see if and how soon this happens, and if it's decent multifactor. It's still progress. Last year I reported that three different criminal SIM-swapping groups had phished or breached access to T-Mobile employee accounts in more than 100 separate incidents throughout 2022.
https://krebsonsecurity.com/2023/02/hackers-claim-they-breached-t-mobile-more-than-100-times-in-2022/
It's unclear whether T-Mobile's competitors will be held to the same standard.
But that's not the good news: Under the settlement, T-Mobile has agreed to require multifactor authentication for their bajillion employees.
https://www.bleepingcomputer.com/news/security/t-mobile-pays-315-million-fcc-settlement-over-4-data-breaches/
We'll see if and how soon this happens, and if it's decent multifactor. It's still progress. Last year I reported that three different criminal SIM-swapping groups had phished or breached access to T-Mobile employee accounts in more than 100 separate incidents throughout 2022.
https://krebsonsecurity.com/2023/02/hackers-claim-they-breached-t-mobile-more-than-100-times-in-2022/
It's unclear whether T-Mobile's competitors will be held to the same standard.