T-Mobile, the third-largest carrier in the United States, that has recently completed a $26 billion merger with Sprint, announced that it had experienced a second data breach in December, 2020. The security breach may have revealed call-related information and phone numbers of some of its customers. According to the company, it recently discovered illegal access to some customer account information, including data that T-Mobile collects on its customers when considering the provision of mobile services. However, the company reported that the information affected by the violation did not include the customer’s account names, physical or email addresses, financial data, credit card information, social security numbers, tax IDs, passwords or PINs. The information accessed by hackers is known as Customer Proprietary Network Information (CPNI). This data can include call records, such as when the call was made, how long it lasted, the caller’s phone number and destination phone numbers,…
The UK’s Information Commissioner’s Office (ICO) has issued Facebook a penalty notice requiring the payment of £500,000 due to “a very serious data incident”. The fine is the maximum that can be imposed under the United Kingdom’s Data Protection Act 1998, which was the ruling document when the incidents occurred. “We considered these contraventions to be so serious we imposed the maximum penalty under the previous legislation. The fine would inevitably have been significantly higher under the GDPR. One of our main motivations for taking enforcement action is to drive meaningful change in how organisations handle people’s personal data,” commented the UK’s Information Commissioner, Elizabeth Denham. The data breach incidents occurred between 2007 and 2014, when Facebook failed to properly monitor the developers using the Facebook platform to build apps, and allowed them access to user information without clear consent. This particular case concerned Aleksandr Kogan and his…