T-Mobile US customer databases (and a lot more) may have been hacked into

[Trippy]

Post on the Full Disclosure security mailing list:

http://seclists.org/fulldisclosure/2009/Jun/0062.html

Edit: T-Mobile notified, looking into it

Edit 2: T-Mobile claims they weren't hacked

[schild]

While they're auctioning off my information, they could at least hold the info hostage to negotiate lower rates and less bloaty TMo software on cell phones bought from them.

[Oban]

Ha, ten dollars says this was because they chose Convergys for their customer care, billing and support systems.   T-mobile always liked to go their own way...

Expect the legacy Wachovia database to go up for sale soon too.

EDIT:

Just remembered that there was this nasty form the FCC made us sign every year asking if our customer records were secure.  It had to be signed by the CEO and always caused a stir about database security for a few weeks.  The penalties were severe, ranging up to ten years of imprisonment for failure to secure customer call records.  Plus having the FBI launch an investigation always does wonders for a company's stock.   

Hell, if anything this may just force T-Mobile to sign up with Verisign like everyone else in North America.

[Trippy]

T-Mobile claims they weren't hacked

[Salamok]

Just remembered that there was this nasty form the FCC made us sign every year asking if our customer records were secure.  It had to be signed by the CEO and always caused a stir about database security for a few weeks.  The penalties were severe, ranging up to ten years of imprisonment for failure to secure customer call records.  Plus having the FBI launch an investigation always does wonders for a company's stock.   

Yet another part of the problem, these regulations always go into great detail and are clearly defined in every aspect other than what constitutes "secure".  Instead of dictating or even providing general guidelines on security measures to the CEO they just let him sign off based upon his definition of security.

[Oban]

Yet another part of the problem, these regulations always go into great detail and are clearly defined in every aspect other than what constitutes "secure".  Instead of dictating or even providing general guidelines on security measures to the CEO they just let him sign off based upon his definition of security.

Actually, they are pretty clear on what is secure and the FCC has shut down and/or fined carriers that have not followed the rules. 

Unless you are pointing out that the FCC does not provide actual sample router config files for all the hardware vendors in use in the US, firewall maintenance update links, OS update links for the myriad of flavours out there and social engineering webinars for carriers.