On 15 Nov 2024, the Wall Street Journal (WSJ) reported that T-Mobile had suffered a recent cyberattack linked to the Chinese state-sponsored hacking group Salt Typhoon. The attackers exploited vulnerabilities in network infrastructure to access sensitive communication data. While the company claims no customer data was stolen, the breach has raised concerns about national security and the resilience of critical telecommunications infrastructure.
This incident adds to a troubling history of cyberattacks on T-Mobile. In 2021, the company faced a massive breach that exposed the personal data of over 40 million customers. The stolen information included social security numbers, driver’s licenses, and other sensitive details. Despite promises to enhance its security, T-Mobile was hit again in 2022, with hackers accessing data for 37 million customers, including phone numbers and account details.
T-Mobile’s repeated breaches highlight ongoing vulnerabilities in its cybersecurity framework. The recent attack is particularly alarming because it is linked to state-sponsored hackers. Sources told WSJ that Salt Typhoon infiltrated U.S. telecom infrastructure through vulnerabilities, including in Cisco Systems routers, and may have used technologies such as artificial intelligence or machine learning to bolster operations. These advanced tools and resources make today’s cybercriminals far more dangerous than typical legacy attackers. The company’s inability to prevent these incidents raises questions about whether its security measures are sufficient to protect its vast customer base.
These attacks not only jeopardise customer trust but also damage T-Mobile’s business reputation and could lead to regulatory scrutiny and financial penalties. The latest breach, which appears to have targeted high-profile national security figures, further highlights the critical need for robust security in the telecom sector. As hackers increasingly target essential infrastructure, businesses like T-Mobile must take urgent steps to identify and close security gaps, ensuring they are better prepared for future threats.
Critical National Infrastructures (CNI) can present highly viable “low-hanging fruit” to threat sources, particularly hacktivists and Foreign Intelligence Services (FIS) acting via state-sponsored threat actors. In the UK, HMG has introduced the Cyber Assessment Framework, a systematic and comprehensive approach to assessing cyber risks to essential functions, developed by the National Cyber Security Centre (NCSC).
Adopting an appropriate information and cyber security framework will help you ask the right questions to enhance your organisational security.