News of the recent T-Mobile data breach that impacted 40 million people highlights— again—the need for companies and organizations to adopt and follow best practices for preparing and responding to crisis situations.
Not The First Time
According to Ars Technica, “By some counts, T-Mobile has experienced as many as six separate data breaches in recent years. They include a hack in 2018 that gave unauthorized access to customer names, billing ZIP codes, phone numbers, email addresses, and account numbers. In a breach from last year, hackers absconded with data including customer names and addresses, phone numbers, account numbers, rate plans and features, and billing information.”
Don’t Wait For Others To Disclose Your Crisis
An important crisis management best practice is to immediately disclose information about a crisis, and not leave it to others to discover it themselves. If others — such as news organizations— find and report details of the crisis before you do, it can raise questions about your failure to announce the crisis.
News of the cyberattack on T-Mobile was first reported by Vice, not T-Mobile. The attack was confirmed a day later by the telecommunication company, which did not provide additional details about the incident at the time.
T-Mobile did not immediately respond to requests to comment for this story.
Keep People Posted
T-Mobile issued a news release today that was also posted on their website with the latest information about the data breach.
The company noted in the release that, “We take our customers’ protection very seriously and we will continue to work around the clock on this forensic investigation to ensure we are taking care of our customers in light of this malicious attack. While our investigation is ongoing, we wanted to share these initial findings even as we may learn additional facts through our investigation that cause the details above to change or evolve.”
Help Those Impacted By The Crisis
CNN reported that, “The company is recommending that all T-Mobile postpaid customers preemptively change the PINs protecting their accounts, though it said it has no evidence those PINs have been compromised. Account PINs belonging to the 850,000 prepaid customers were compromised, however, and T-Mobile said it has unilaterally reset those PINs as a security precaution.”
T-Mobile said it will offer two years of free credit monitoring to affected customers.
Take Steps To Prevent A Crisis
Depending on the nature of your business, there are steps you should take now to help prevent common crisis triggers or mitigate the impact of a crisis.
Kevin Breen, director of cyber threat research at Immersive Labs said, “When it comes to mitigating the risk of a mega-breach like this, it’s important to place applications that hold large volumes of data under additional scrutiny in terms of their security monitoring, patching policies and audit logging. This is even more vital for public-facing applications. The speed and efficiency with which an organization identifies and responds to a vulnerability could be the factor that halts a breach in its footsteps.
“Sadly, there’s nothing new about this attack—and I have no doubt that we’ll see more of its kind,” Breen predicted. “While no financial information has been compromised, significant amounts of personal data could now be in the hands of those who would use it for malicious intent. This particular incident might fade into the noise of the current new cycle, but there are people who will suffer at the hands of the fraudsters that now hold their personal information.”
Advice For Business Leaders
Bruce Dahlgren, CEO of MetricStream, said, “As hackers become more sophisticated, it’s a challenge for companies to stay secure. It’s not a matter of if a breach is going to happen, but when. Because of this, it is critical for organizations to have an incident response team comprised of legal, corporate communications, and IT staff, as well as to have contingency plans in place.
“Additionally, management should conduct regular risk assessments in order to identify potential gaps and areas where cybersecurity and response plans can be improved,” he counseled.
“Lastly, response teams need to be aware of data protection and disclosure regulations that may impact response processes and disclosure details. Having these in place now will pay dividends down the road, dramatically improving corporate transparency, market credibility and customer loyalty,” Dahlgren said.
Stephan Chenette, Co-Founder and Chief Technology Officer at AttackIQ said, ‘All organizations trusted with sensitive consumer data must take proactive approaches to protect their data and be extra vigilant in testing the security controls protecting organizational encryption keys.
‘’This should include mapping organizational capabilities and security controls to specific attack scenarios to measure their preparedness to detect, prevent and respond to these threats. They should also employ continuous evaluation of their existing security controls to uncover gaps before a hacker finds and exploits any weaknesses”