History: Telecom industry cyber security breaches

Here is the consolidated cyber security breaches on the telecom industry happened over a decade of years and its consequences

2006KDDI suffers massive data breach – KDDI is Japan’s second-largest telecommunications carrier. It operates fixed-line, dial-up Internet, broadband and cellular services through a number of different companies

Personal data on almost 4 million customers of Japanese telecom carrier KDDI Corp. has been breached

The data includes the name, address and telephone number of 3,996,789 people who had applied for accounts with KDDI’s Dion Internet provider service up to Dec. 18, 2003, KDDI said. Additionally the gender, birthday and e-mail addresses of some of the people was also leaked. Read more

Deutsche Telekom said it lost personal data for about 17 million T-Mobile Germany customers in the spring of 2006 –  T-Mobile Germany said it reported the data breach to prosecutors in 2006, and that there was no evidence that the data had been misused by unauthorized parties. But the issue came to light when German magazine Der Spiegel said it was recently able to access customer information through a third party.

“We are very concerned by the fact that the incident from 2006 is relevant once again. Until now, we were under the assumption that the data in question had been recovered completely as part of the investigations of the public prosecutors’ office and were safe,” said Philipp Humm, managing director of T-Mobile Germany, in a statement. “Notwithstanding the fact that the culprits have been at work with a tremendous criminal potential, we earnestly regret to say that we have not been able to protect our customer data in line with our standards.” Read more

2008: Management-level workers at AT&T have been notified that their personal information was stored unencrypted on a stolen laptop. The laptop was stolen May 15 from the car of an employee, Walt Sharp, a spokesman for AT&T, told SC MagazineUS.com on Wednesday. The data on the computer was not encrypted — a violation of company policy — and included names, Social Security numbers and in some cases, salary and bonus information. Read more

The White House chief of staff is believed to be among 114,000 iPad owners, including chief executives and military officials, whose personal details have been exposed through a breach of the website of the US phone network AT&T.It will be an embarrassment to Apple, which has sold more than 2m of the tablet computers since they went on sale in the US at the start of April, and late last month internationally. The iPad comes in two main versions, one with 3G and one without. The news that the 3G version could have been liable to hacking could depress sales of the more profitable version. It will also increase friction between Apple and AT&T, which has had the exclusive rights to sell the iPhone since 2007, and now the 3G-enabled iPad in the US. The exclusivity is believed to be a five-year deal but many Apple fans have accused AT&T’s network of being unable to support their growing demand for bandwidth.. Read more

2012 – Hackers accused of stealing data from 9M Korean mobile users.

The two suspects reportedly took in around $877,000 by selling the contact information and plan details of 8.7 million KT subscribers, almost half of the carrier’s total customers. The carrier confirmed that the data stolen included customer names, registration numbers, and phone numbers. KT has since apologized to customers for the theft and has promised to tighten security. Read more

The applicants’ information was collected for the telecom providers YourTel and TerraCom by Vcare, an India-based call centre service contracted to verify applicants’ eligibility.

Call it security through absurdity: a pair of telecom firms have branded reporters for Scripps News as “hackers” after they discovered the personal data of over 170,000 customers — including social security numbers and other identifying data that could be used for identity theft — sitting on a publicly accessible server.. Read more

Insider Steals Data of 2 Million Vodafone Germany Customers

The company said the attack was discovered on September 5, but said authorities had requested that the breach remained under wraps while an investigation was conducted. German news agency DPA reported that the suspect had worked for a contractor of the company and was not a Vodafone employee.

“This attack was only possible with high criminal energy, insider knowledge and found hidden deep in the company’s IT infrastructure instead,” Vodafone Deutschland said in an online statement translated from German.. Read more 

A cyber attack on Belgacom raised considerable attention. Documents leaked by Edward Snowden and seen by SPIEGEL indicate that Britain’s GCHQ intelligence agency was responsible for the attack. The documents also suggest that GCHQ continued to probe the areas of infrastructure to which the targeted employees had access. The undated presentation states that they were on the verge of accessing the Belgians’ central roaming router. The router is used to process international traffic. According to the presentation, the British wanted to use this access for complex attacks (“Man in the Middle” attacks) on smartphone users. The head of GCHQ’s Network Analysis Centre (NAC) described Operation Socialist in the presentation as a “success.”

India’s telecom network is equally vulnerable. Dhruv Soi, founder of information security firm Torrid Networks, recalls a recent assignment to test the networks of one of India’s largest telecom operators. He says his team got complete control of the company’s billing system within a week. It also found that the back-up server containing important data had weak passwords and was protected by flawed software. “We targeted this server and were able to control almost everything,” adds Soi.