U.S. T-mobile reports another data breach
A lack of situational awareness can prolong the amount of time a threat actor operates undetected inside a network. This in turn allows attackers to discover more assets and exfiltrate more data. Business data API endpoints are particularly interesting as they often allow for automated data scraping.
This appears to be the case with the latest breach and customer leak reported by T-mobile USA, the second since January.
The last breach appears to be related to API endpoint data extraction, so it's not clear whether this one is following a similar exfiltration pattern.
More info on this breach here.
