T-Mobile Breach Highlights Common Corporate Security Weakness

Many companies don’t properly secure APIs, the ubiquitous interface that lets technology programs communicate
Health-ISAC mention:
“API security is an area that’s largely been overlooked,” said Errol Weiss, chief security officer of the Health Information Sharing and Analysis Center, a nonprofit group that enables healthcare organizations to share information about cyber threats. “The main challenge is getting cybersecurity teams to realize how vulnerable their APIs are,” he said.
Jan. 23, 2023 5:30 am ET | WSJ PRO
The data breach of about 37 million T-Mobile US Inc. customers occurred through an attack on an API, or application programming interface, highlighting a risk facing many businesses.
APIs connect applications and share information in many settings, like mobile applications that connect to a social media platform, cars that drivers can unlock via an app, or backroom technology that moves data across different information systems.
Companies rely on APIs as they expand technology projects, often without proper security measures, cybersecurity analysts and researchers say.
Read the full article in the Wall Street Journal:
- Related Resources & News
- Potential Terror Threat Targeted at Health Sector – AHA & Health-ISAC Joint Threat Bulletin
- New Cybersecurity Policies Could Protect Patient Health Data
- CyberWire Podcast: PHP flaw sparks global attack wave
- Health-ISAC Hacking Healthcare 3-14-2025
- HSCC Aiming to Identify Healthcare Workflow Chokepoints
- New Healthcare Security Benchmark Highlights Key Investment Priorities and Risks
- Are Efforts to Help Secure Rural Hospitals Doing Any Good?
- CISA cuts $10 million annually from ISAC funding for states amid wider cyber cuts
- 2024 Health-ISAC Discussion Based Exercise Series After-Action Report
- Cobalt Strike takedown effort cuts cracked versions by 80%