T-Mobile Data Breach: How To Avoid A Similar Breach In Your Organization


T-Mobile Data Breach: How To Avoid A Similar Breach In Your Organization



Earlier this month, a T-Mobile data breach affected more than 50 million people after a cache of records was accessed via an unsecured router. Data exposed during the breach included names, dates of birth, social security numbers and other identifiable information. 

Storing unsecured data in your organization is a huge risk, which T-Mobile experienced first-hand.  The communications giant has since been taken to court for violating the California Consumer Privacy Act (CCPA) with one claim noting that the company was aware of the security vulnerabilities which led to the theft of customer information. (Via iapp)   

Avoiding costly data breaches can be as simple as knowing where your data resides, and de-identifying sensitive information so that it cannot be used for fraudulent purposes. 


Use A Professional Tool to Locate Sensitive Data 

Here at Hush-Hush, we understand how far data can travel, both within and without an organization. Sensitive data in the form of customer records can reside in on-premises servers, in the cloud, in emails, and in various test environments used as part of the normal development lifecycle. Taking steps to secure data requires knowing the location of sensitive data – wherever it resides. 

Our Sensitive Data Discovery Tool was created to perform the preliminary data discovery task required before remedial processes such as data masking can take place.  The tool uses proprietary algorithms to identify sensitive data such as names, email addresses, social security numbers and credit card details quickly across a range of data sources. It achieves this by searching for metadata, data patterns, and values. 

You may think your team understands the importance of controlling access to sensitive data, but you would be surprised to learn how quickly oversights can happen, especially now that most enterprises have had to decentralize to support remote teams. 


Mask Data For Non-Production Evironments 

One of the biggest potential security gaps is the test data used by developers in development and test environments. During the normal course of developing a product, multiple test environments can be created, each containing copies of valuable data. A sound security framework requires a data protection tool like data masking to be employed at production to ensure data is secured before it travels to test environments and beyond. The benefit of using data masking for this function is that masked data looks realistic, and retains its usefulness for testing, but identifiable elements like real names or the last four digits of a credit have been changed according to the algorithm chosen (such as shuffling, for example).  One of the biggest advantages of using data masking is that the process is irreversible, so even if data falls into the wrong hands, it cannot be used to identify and defraud your customers.  


Used together, data privacy tools like Sensitive Data Discovery and Data Masking make an impressive defense against data breaches and allow your developers to deliver secure data to non-production environments for development and testing. Best of all, they allow you to automate your data privacy processes without disrupting development. 


Trust Hush-Hush with your data privacy needs and ensure your security processes comply with privacy laws such as the GDPR, HIPAA, CCPA and more.

Request your free trial today. 


BuildNumber = dev_20210906.1