Deutsche Telekom admits to 2006 breach affecting 17 million customers
Date Reported:
10/04/08
Organization:
Deutsche Telekom
Contractor/Consultant/Branch:
None
Location:
Bonn, Germany
Victims:
Online customers
Number Affected:
"about" 17,000,000
Types of Data:
"names, addresses, cell phone numbers, and some birth dates and e-mail addresses"
Breach Description:
"Deutsche Telekom has confirmed that personal information from 17 million of its mobile phone customers was stolen in 2006, including secret telephone numbers of high-profile politicians and celebrities."
Reference URL:
Deutsche Welle
Reuters
InformationWeek
Report Credit:
"German newsmagazine Spiegel reported on Saturday, Oct. 4"
Response:
From the online sources cited above:
Thieves have hijacked sensitive data on millions of Deutsche Telekom mobile phone customers, the German company has acknowledged.
The incident stems from a theft of data in 2006 that only came to light now in a report by Der Spiegel magazine released ahead of publication on Monday.
[Evan] Information breaches have gained much more visibility in recent years, which is a good sign (in my opinion). In 2006 it would not have been unheard of for a breach like this to go unnoticed.
The magazine said it was able to track down information on 17 million Telekom mobile users.
[Evan] 2+ years later, the data is still "out there".
Deutsche Telekom said the stolen data includes customer mobile phone numbers, addresses, dates of birth and, in some cases, email addresses.
"The records do not contain bank details, credit card numbers or call data."
[Evan] The information that was stolen is enough to give a criminal the leverage he/she might need in order to obtain further information.
Deutsche Telekom said it reported the theft to prosecutors in early 2006 and had found no evidence that the records were used to harass users or were otherwise abused by the thieves.
[Evan] Maybe not, but as you read further on, Deutsche Telekom did find evidence that the stolen information was for sale and apparently did nothing about it.
There has reportedly been no indication that the data has been misused, though the Telekom said "extreme criminal energy" was behind the theft.
[Evan] I don't know what "extreme criminal energy" means, but it sounds bad!
German newsmagazine Spiegel reported on Saturday, Oct. 4, that it had obtained access to the missing information via a third party.
"We had assumed that this data had been fully secured as part of an investigation by the district attorney," Philipp Humm, director of Deutsche Telekom's mobile phone division T-Mobile, said in a statement.
Telekom said it had conducted research after the theft and discovered that copies of the data had been offered on the black market but had apparently not been bought.
[Evan] So?
The public prosecutor's office in Bonn told reporters that pieces of data had been confiscated from private homes, but that the thieves themselves had not yet been detained.
The interior ministry has asked investigators to analyze the potential danger to several people, a ministry spokeswoman said, but she declined to give any more details.
T-Mobile Germany said it has taken multiple steps to shore up its security since the breach, including tighter restrictions on who has access to information, more complex passwords, and increased monitoring of security systems.
It offered to let mobile phone customers change their numbers at no charge and set up a toll-free hotline to handle queries.
[Evan] I couldn't find the toll-free hotline, otherwise I would share it.
Celebrity customers, including comedian Hape Kerkeling and television moderator Guenther Jauch, high-ranking politicians, billionaires and clergymen were reportedly among those affected by the data breach.
Commentary:
A breach from two years ago comes back to haunt Deutsche Telekom. There isn't much that the company can do to change the past, but the embarrassment and damaged corporate image linger anyway. Hopefully today Deutsche Telekom uses encryption when they decide to use "storage devices" containing sensitive information.
Could there be the potential that this breach affects U.S. customers of T-Mobile, as Deutsche Telekom is the parent company to T-Mobile?
Past Breaches:
Unknown

These data breaches and thefts are due to a lagging business culture. I found some fresh and original thinking from the author of “IT Wars” - http://www.businessforum.com/DScott_02.html - I urge every business person and IT person, management or staff, to get hold of a copy of "I.T. Wars: Managing the Business-Technology Weave in the New Millennium." It has an excellent chapter on security, and how to scale security for any organization, any budget. It also has a plan template with all considerations. Our CEO has read this book. Our project managers are on their second reading. Our vendors are required to read it (they can borrow our copies if they don't want to purchase it). Any agencies that wish to partner with us: We ask that they read it. Do yourself a favor and read this book – BEFORE you suffer a breach.