What do we know about Tim's data breach

What do we know about Tim's data breach

Unauthorized intrusion to the systems connected to the 187 technical assistance and the 191 business assistance. Alert customers and former users: change the password of the MyTim personal area

Tim (Miguel Medina Afp / via Getty Images) In following an unauthorized intrusion into its systems, Tim revoked the passwords of an unspecified number of customers, inviting them to change the access credentials of the MyTim reserved area. The main Italian mobile telephone operator sent notifications starting from 24 August and continued the following day. "Dear customer, we wish to inform you that, in the face of the security control activities on our systems, anomalous activities have been detected, carried out by unknown third parties, which could jeopardize the confidentiality of your MyTim login credentials - yes law in communication -. For your protection and to ensure the security of your information, we are taking steps to disable your MyTim credentials as a precaution, also used for access to some related Tim services (Tim Party, Tim Personal), making it mandatory to change the password at the first access to the MyTim private area ".

The data breach would concern the personal data and access credentials of an unspecified number of current customers. And also of former users, as Wired has been able to ascertain in some cases. The company specified in an official note that "the data involved does not contain information that can enable payment functions". The operator immediately made a complaint to the Postal Police and, as required by the European regulation for the protection of personal data (Gdpr), to the Privacy Authority, which will have to assess any responsibility of Tim, who considers himself an injured party, in processes for securing customer information.

Contacted by Wired, the company confirmed "that it has registered an unauthorized activity on the user data of some customers" and that it has taken all necessary measures to "stop this activity and prevent it from happening again , informing the competent authorities and interested customers ". According to what Wired learns from confidential sources, the telecommunications company would have detected anomalies that then led to the discovery of the data breach after August 15th. Investigations began immediately and it is not excluded that the intrusion may have occurred from within and not as a result of a cyber attack, knowing how to move to get to the user records. Two independent sources report that the systems managed by the operator and involved in the data theft are the old interfaces of the technical assistance of the 187 and the business one of the 191, which had been decommissioned.

L 'Data room operation in 2020

In February 2020, a complaint started by Tim - and not connected to this new report - following the discovery of anomalous activity in his IT systems allowed the Postal Police to uncover an illegal business of telephone company customer data. Some unfaithful employees stole packets of user data and resold them to call center managers, who tried to exploit any disruptions to place the contract with another operator, completely unrelated to the facts, and earn on commissions. Up to 400 euros for each new contract signed.

The Data room operation, coordinated by the Rome Public Prosecutor's Office, in June last year led to 20 precautionary measures to block the mechanism that had led to the accumulation of up to 1.2 million records, worth 3.4 cents each. "The data relating to the technical management of users have always had a great economic value on the market (think of the information relating to failure reports) and can allow the implementation of aggressive commercial practices, aimed at procuring customers, perhaps predisposed to portability precisely because of various problems, reported and present within the data rooms ", explained at the time a press release from the Postal Police. After the latest intrusion detected by Tim in recent days, according to Wired, no telemarketing activity peaks have been detected on the users involved in the data breach.

Accessories - 5 hours ago

The pocket 5G router that connects 32 devices

Stellantis teams up with Apple's connected car provider

What we know about the ransomware that hit an agency linked to healthcare in Tuscany


Cybersecurity Gdpr telecommunications telephony Tim globalData.fldTopic = "Cybersecurity, Gdpr, telecommunications, telephony, Tim "

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.

Powered by Blogger.