T-Mobile Repeatedly Breached
Last month, T-Mobile confirmed yet another data breach, this time by the Lapsus$ extortion gang, which used stolen credentials and gained access to internal systems. T-Mobile said the hackers didn’t access any customer data.
However, this latest breach prompted questions about T-Mobile’s cybersecurity. Mark Lambert is vice president of products at ArmorCode, an application security provider.
“While T-Mobile did a great job making sure the ‘intrusion was rapidly shut down and closed off,’ you must ask yourself, how did they get access in the first place?” he said. “As organizations like T-Mobile race to deliver features to customers to gain competitive advantage, cracks appear in their security posture. Leveraging cloud with dynamically created container-based infrastructure enables organizations to instantaneously deploy and scale software delivery, but exponentially increases the volume of security findings that are from application security and infrastructure security tools. Organizations need to be leveraging AppSecOps practices as well as DevSecOps to operationalize application security and ensure that they can scale the team’s response to security findings to the same level they have scaled their software delivery.”