The term shock wave refers to the intense hyper pressurization impulse created by detonating a high explosive. This impulse generates lesions that are characterized by anatomical and physiological changes produced by the direct or reflective hyper pressurization force that impacts on the surface of the bodies. As the term says, the explosion of a high-power device is needed and said explosion alters the objects that are directly in the radius of action of that wave.
Now, what does this have to do with computer security and data leaks? That is where the most important question of this article arises: Is information our high-powered device, which can explode at any moment? If the information is this explosive, can its detonation (Referring to the data leak) affect nearby targets? Could it even have a longer range? Throughout this post we will analyze the case of the T-mobile company and how its recent leaks are having consequences in various areas.
T-mobile is a wireless telecommunications company, providing cellular network services particularly in the United States and around the world. T-Mobile's history dates back to 1994, when it was founded in Bellevue, Washington, United States, as VoiceStream Wireless PCS, a wireless telecommunications company. The company initially operated in the Pacific Northwest of the United States, but quickly expanded to other regions of the country. In 2001 the German company called Deutsche Telekom acquired VoiceStream Wireless PCS and later renamed it T-Mobile USA in 2002. With this acquisition, T-Mobile became the first wireless telecommunications company owned by a European company operating in the United States (That is why there is often confusion regarding the nationality of this company).
Well, if we're talking about shockwaves, when we discuss an affected telecommunications company, we're talking about a perfect storm, with all the necessary ingredients to generate that proper hyper pressurization (If you skipped the intro and got this far, I explain it in the intro) since T-Mobile has recently suffered several data breaches. About 6 days ago, there was a second data breach in 2023, setting off alarms for all users of this company. These recent data breaches occurred after the first one, which took place in late February, revealing data of 37 million people. Although the recent incident affected only 836 customers of the company, the amount of information exposed is truly extensive, exposing affected individuals to identity theft and phishing attacks that remain common worldwide.
On many occasions, current data breaches may or may not be a consequence of security issues that occurred in the more or less distant past (Take note of this for later) if we were to create a timeline to try to find the root of the problem when a data breach occurs, we could travel back in time to gather information about previous attacks on a particular company, in our case, T-Mobile:
It is a reality that the incident response teams (CSIRT) of companies must be aware of all the attacks that occur towards their own company. This task is already a titanic one since it not only implies that they must be one hundred percent attentive to the alarms that passive defense systems provide but also must be alert to news, user behavior, reduce impact, restore business continuity, prevent future incidents, and also depend on the proper functioning of other teams, plus a long list of other tasks. Now, imagine adding to that enormous list of tasks that they should also be aware of leaks from other companies.
This shockwave, in a more literal case, tends to decrease in power as it moves away from the main target. However, when discussing a data bomb, the damage that occurs may or may not depend on proximity to the incident's epicenter. This is because data transcends borders, and as we explained earlier in the example, it doesn't depend on direct proximity. Serious data can impact and attack previously built trust relationships with the goal of acquiring a service.
Should all Data breaches concern us?
There are several potentially risky situations that could harm us. For example, if the affected company is a telecommunications company, as in this case, all companies that share the database with it or all companies related to this telecommunications company could have a much greater impact than the rest of the companies.
Since customers of a telecommunications company today have more than one resource associated with this issue, a recipe for staying on top of everything would be to filter security news in such a way that it is associated with the interests of our company. For example, if we are a banking entity, we know that there is a connection between all other banking entities, so an impact can be a sufficient alarm to pay attention to a breach in this field.
But this is the simplest case; truly understanding all the interactions our company has with the environment is a task that involves an increase in awareness of the resources and data we handle. That's why having areas that specifically focus on research helps a lot in these matters to provide feedback on the analysis that a CSIRT can perform based on its current scope. Another important point to consider is that we must protect users' identities according to all the leaks that occur; having engines that defend us from password spray attacks is very useful when detecting if users' accounts in the business environment are being used in other systems and also if those accounts use passwords recently leaked in the corresponding major Data breaches.
What questions should I ask myself?
So, when faced with leaks, it may be more important to ask ourselves a series of questions to evaluate the impact on our company and see if it is necessary to pay attention to it or not. Within the data, we must always consider the following points, to be aware of our information before questioning the interaction with the Data Breach;
Previous questions: