in brief We'd say you'll never guess which telco admitted to a security breakdown last week, but you totally will: T-Mobile US, and for the second time (so far) this year.

For those counting, this also makes the seventh incident in five years at the cellular provider - though this one is small compared to the 37 million subscribers whose data leaked in January. Only 836 customers were caught up in this one. 

In a form letter shared by Infosecurity, T-Mobile said it detected unauthorized activity in its network in March, with illicit access beginning in late February. T-Mobile said no financial information or call logs were obtained, but account PINs and plenty of valuable PII was exfiltrated. 

"The information obtained for each customer varied, but may have included full name, contact information, account number and associated phone numbers, T-Mobile account PIN, social security number, government ID, date of birth, balance due, internal codes that T-Mobile uses to service customer accounts (for example, rate plan and feature codes), and the number of lines," the "Un-carrier" explained in its letter.

For T-Mobile customers wondering if they were affected, letters were mailed out on April 28, so if you haven't received one you're probably fine. T-Mobile also said that it reset account PINs for affected customers, so if you've had trouble with your account that might be why.

T-Mobile has had tens of millions of customer records compromised over the years. Its first reported breach was in 2018 when two million records were accessed along with hashed passwords, and a year later more than a million customers had their data exposed. March and December of 2020 brought an additional pair of breaches, followed by a whopping 48 million customer records posted to the dark web in 2021. 

Capita doesn't just get hacked - it also leaves its buckets open

Still reeling from the aftermath of a Black Basta break in, London-based digital services firm Capita is now contending with a security researcher's allegation it left an AWS S3 bucket unsecured for seven years. 

The password-free bucket reportedly contained 3,000 files totaling 655GB - including software files, server images, spreadsheets, PowerPoint presentations and text documents, one of which the researcher said contained login details for one of Capita's systems. Filenames found in the bucket suggest it's still in use, too. 

The researcher said they notified Capita in late April, and the bucket was secured shortly afterwards. Capita said nothing in the bucket was sensitive. 

Misconfigurations in AWS S3 storage buckets are an incredibly common problem and have affected some large companies. Twilio, McGraw-Hill and even US military cyber resilience contractors have spilled their secrets thanks to leaky buckets.

University text alert system hacked to deliver ransom demand

Students at Virginia's Bluefield University have enough to worry about this time of year, what with finals and all, but add a ransomware attack and text messages from hackers blowing up their phones to the mix and you have a recipe for one helluva finals week.

Bluefield reported the attack on Sunday, telling students and faculty that the incident could take days to resolve, but reassuring everyone that "as of now, we have no evidence indicating any information involved has been used for financial fraud or identity theft." 

Unfortunately for the university, it appears the attacker behind the hack disagreed with that claim, and had gained access to the college's RamAlert system - typically used for things like weather alerts or shooter drills. 

"We have admissions data from thousands of students," the attackers declared, claiming they had 1.2TB of data and that they're ready to use it. It's unclear how Bluefield is going to respond - so far they've only warned faculty not to use their university email, and delayed finals a day. ®

https://www.theregister.com//2023/05/08/in_brief_security/