Lawsuit explains how T-Mobile is exposing customer data to hackers
According to the lawsuit, filed in late 2022, T-Mobile places customer data and credentials in a large unified database to train its AI and machine learning models, thereby compromising data security. The plaintiff argues that centralizing data at a single point of access is contrary to well-established data security and storage practices.
“In order to train the sophisticated AI and machine learning models that T-Mobile needed… T-Mobile aggregated all of its data, aggregated its credentials, and prioritized (and still prioritizes) training and model accessibility rather than data security.” – Lawsuit against T-Mobile
T-Mobile and its parent company Deutsche Telekom (DT) denied the allegations in the lawsuit, saying they were based on speculation rather than facts.
“Plaintiff points out that no T-Mobile board minutes discuss a directive or any document (internal or external) mentioning such a directive. Plaintiff's opposition ignores this fatal flaw and instead asks the court to infer such a directive based on nothing more than (1) two YouTube videos, (2) an irrelevant PowerPoint slide from an Oversight Board meeting of DT and (3) the fact that T-Mobile announced a merger with Sprint in 2018. None of them are able to support such an inference.” – T-Mobile
This is not the first time a company has been criticized for using available data to train its systems, and existing regulations provide no clear guidance on what is acceptable and what is not. Any business using AI needs a huge amount of data to train its AI models and improve its services and operations.
The lawsuit goes on to say that DT's AI efforts have expanded to T-Mobile after it acquired Sprint. Apparently, T-Mobile saves money to remain a part of the AI program. T-Mobile refuted the allegations.
“Plaintiff's central thesis – that T-Mobile's board unfairly allowed DT to “loot” T-Mobile's data, for DT's own benefit, thereby exposing T-Mobile to cyberattacks – is based solely on speculation (piled on speculation) and not on well-argued facts.” – T-Mobile
For example, the lawsuit says T-Mobile opted for the R programming language, normally used for statistical modeling and lacking fundamental security features, instead of a sophisticated language like Python to create machine learning applications.
The lawsuit also says that T-Mobile developed an application programming interface (API) called qAPI with the ability to interact with various information databases, but failed to implement a secure method for accessing it. This created a single point of failure for security.
“Critically, qAPI enabled the centralization of “credentials”. This meant that individual usernames and passwords or other database access keys would not need to be retained by each application. They would be held by the API, which in turn would enforce access to querying applications. This meant that each database's credentials would be maintained centrally, creating a single point of failure for T-Mobile's security. As a result, a single compromised test server anywhere in the entire T-Mobile ecosystem can easily and permanently access, backup and export T-Mobile's entire data ecosystem – because T-Mobile designed its system this way.” – Lawsuit against T-Mobile
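The design risk the lawsuit describes, a central broker that holds every database credential, can be modeled to compare how far one compromised client reaches under a flat trust model versus a deny-by-default one. This is an added example, not code from the lawsuit, T-Mobile or qAPI; all class names, database names, secrets and the environment tag are hypothetical.

```python
from dataclasses import dataclass

# Constructed sample data: every database name, secret and client is hypothetical.
VAULT = {"billing_prod": "secret-a", "subscribers_prod": "secret-b",
         "analytics_test": "secret-c"}
DB_ENV = {"billing_prod": "prod", "subscribers_prod": "prod",
          "analytics_test": "test"}


@dataclass(frozen=True)
class Client:
    name: str
    environment: str                  # "prod" or "test"
    allowed: frozenset = frozenset()  # databases this client may query


class FlatBroker:
    """Weak design: any recognised caller can reach every stored credential."""

    def __init__(self, vault):
        self._vault = vault

    def authorize(self, client, db):
        return db in self._vault


class ScopedBroker:
    """Deny by default: per-client allow-list plus environment separation."""

    def __init__(self, vault, db_env):
        self._vault = vault
        self._db_env = db_env

    def authorize(self, client, db):
        return (db in self._vault
                and db in client.allowed
                and self._db_env.get(db) == client.environment)


def blast_radius(broker, client):
    """Databases an attacker reaches after compromising this one client."""
    return sorted(db for db in VAULT if broker.authorize(client, db))


# A test server whose allow-list was misconfigured to include a prod database.
TEST_SERVER = Client("test-01", "test", frozenset({"analytics_test", "billing_prod"}))

if __name__ == "__main__":
    print("flat:  ", blast_radius(FlatBroker(VAULT), TEST_SERVER))
    print("scoped:", blast_radius(ScopedBroker(VAULT, DB_ENV), TEST_SERVER))
```

The environment check is what keeps the misconfigured allow-list entry from exposing a production database, so a single policy mistake does not restore the single point of failure.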