Why Companies Should Protect Us From Future Hacks

Unfortunately, data breaches have become the norm in the digital age, so why aren’t we more prepared for them?

According to a Risk Based Security report, there were 3,932 publicly reported breach events between 2019 and 2020. The latest company to be affected by a data breach was T-Mobile this week. It’s not the first data breach—and it certainly won’t be the last—therefore, experts say companies need to be better equipped to handle the next big hack.

“Continued data breaches raise the question as to who is responsible for protecting corporations and consumers from cybercrime,” Joshua Motta, CEO of Coalition, wrote to Lifewire in an email. “The breach is not the point of failure, but the response is. And to prevent cyberattacks, organizations can’t keep thinking in terms of if they will happen, but when.”

Mobile Carrier Hacks
T-Mobile’s stolen data included names, dates of birth, driver’s license information, and even Social Security numbers for about 7.8 million current postpaid customers, as well as over 40 million former or prospective customers who had applied for credit.

“Unless we direct the blame squarely at the corporations…nothing is going to change,”

This isn’t even the only hack T-Mobile has experienced over the past year: in December 2020, a data breach affected 200,000 customers. But in the past four years alone, T-Mobile’s hacks have affected millions of customers, since the mobile carrier also experienced a hack in March 2020, one in 2019, and another in 2018.

And T-Mobile isn’t the only one: in 2018, At&T was forced to pay $25 million in a settlement to the Federal Communications Commission for breaches that occurred in 2013 and 2014. The breaches led to unauthorized disclosure of names and Social Security numbers, as well as the account information of about 280,000 US customers.

Experts say hackers are getting smarter and that mobile carriers need to always be preparing for the next data breach. “Hackers are outpacing large, multinational companies in the cybersecurity arms race,” digital privacy expert Aaron Drapkin of ProPrivacy told Lifewire via email.

“A company like T-Mobile that holds reams of customer data probably faces thousands of different cyber-attacks a day, and no matter how good your defenses are, there’s always the chance that something can still slip through the net.”

What Can You Do?
While many affected customers might be wondering what they can do to protect their information from the next major mobile carrier hack, Steve Thomas, the CEO and co-founder of HackNotice, said there is always a risk that whatever data you hand over to a company could be hacked or exposed.

Since data stolen in the most recent hack included Social Security numbers, Thomas said there is a way you can protect that information. “You can start by getting a pin from the IRS to prevent tax fraud, one of the many ways a Social Security number can be used against a person,” Thomas explained to Lifewire in an email.

And, since affected T-Mobile customers will be given free identity protection with McAfee’s ID Theft Protection Service for two years, Thomas urges everyone to take advantage of it. “For broad protection, every person impacted should receive some level of free identity theft protection (usually for a year, even though hackers keep hacking after a year),” he said.

“Be on the lookout for account takeover attacks and use a digital identity protection service to prevent those, as well.”

What Mobile Carriers Should Do
However, most experts agree that it’s not fair or even possible to expect customers to be responsible or take steps to prevent the next hack. “Unless we direct the blame squarely at the corporations—and make them understand that when we sign up for their services, they have a responsibility to keep our data safe—nothing is going to change,” Drapkin added.

“…no matter how good your defenses are, there’s always the chance that something can still slip through the net.”

He said companies as big as T-Mobile need to perform more public security audits and make sure they’re prepared for the worst. Some of these ways could include regularly stress-testing a company’s digital security to look for vulnerabilities via methods like ethical hacking.

“Every time something like this happens, I always think of data minimization, a practice all businesses should undertake to decrease the amount of sensitive information they hold,” Drapkin said.

Leave a Reply