Release of Paris Hilton’s Personal Info Illustrates Worrisome Security Situation with T-Mobile Sidekick II


A number of outlets reported that hackers posted Paris Hilton’s Sidekick II address book on-line. Although it is not clear from the stories I’ve read whether this incident is a continuation of the security breach that was the key element in the Nicolas Jacobsen case or if this is a new breach, it makes me wonder whether T-Mobile has done all it can to protect the personal information of customers. I suspect that they haven’t, but I am willing to listen to evidence that points in the other direction.

I agree with the editors of FirstAdopter.com who said that the blogosphere should avoid any opportunity to link to sites where private customer data is posted, but blogs should be holding T-Mobile’s feet to the fire in order to ensure any security gaps are addressed ASAP.

Regardless of how hard T-Mobile has tried to tighten its security, I think there are some issues on which we can all agree:

  1. T-Mobile customer social security numbers were at risk. As a T-Mobile customer, I’m calling the credit bureaus and asking each of them to put a note on my account because I don’t want my identity and credit rating affected by any further misuse of T-Mobile customer data.
  2. Sidekick II user data has been and may still be at risk. All data that users store on Sidekick IIs ends up on Danger, Inc.’s servers. These servers have a sort of trust relationship with certain T-Mobile servers that may still be vulnerable. If I were a Sidekick II user, I’d consider removing non-public information from my device until more is known about the security of the systems behind it.

Customers of T-Mobile should urge the company to report whether customer data resides on its own internal servers or those of contractors or outsourced IT providers. This should be done with respect to both the billing system and customer data servers for Sidekick II and Blackberry users. T-Mobile should also explain the steps it took to harden the aforementioned systems, and the steps it’s taking to ensure that future breaches are detected and shut down quickly. [ Update: Article updated to reflect the role that Danger, Inc.’s servers play in the Sidekick II service. ]

