BELLEVUE, Wash. (AP) — T-Mobile says it has notified nearly all the millions of customers whose personal data was stolen and is “truly sorry” for the breach. CEO Mike Sievert said in a written statement Friday that the company spends lots of effort to try to stay ahead of criminal hackers, “but we didn’t live up to the expectations we have for ourselves to protect our customers. Knowing that we failed to prevent this exposure is one of the hardest parts of this event.”
The company disclosed earlier in August that a recent data breach exposed the names, Social Security numbers, and information from driver’s licenses or other identification of just over 40 million people who applied for T-Mobile credit. The same data for about 7.8 million current T-Mobile customers who pay monthly for phone service also appeared to be compromised. Sievert‘s statement follows a Thursday report in the Wall Street Journal. John Binns, a 21-year-old American hacker living in Turkey, told the newspaper he was responsible for the hack and blamed T-Mobile’s lax security for making it possible.
Sievert made no direct reference to Binns on Friday but said, “in short, this individual intended to break in and steal data, and they succeeded.” Sievert said the breach had been contained, the investigation is “substantially complete,” and customer financial information wasn’t exposed. He said T-Mobile hired cybersecurity experts from Mandiant to help with the study and is coordinating with law enforcement. “What we can share is that, in simplest terms, the bad actor leveraged their knowledge of technical systems, along with specialized tools and capabilities, to gain access to our testing environments and then used brute force attacks and other methods to make their way into other IT servers that included customer data,” Sievert wrote.
Sievert said the company has notified “just about every” current customer affected and is now doing the same for former customers and prospective customers who might have supplied some personal information in applying for an account. Unaffected customers will see a banner on their T-Mobile online account page letting them know their data was not exposed. After buying rival Sprint last year, T-Mobile, based in Bellevue, Washington, became one of the country’s largest cellphone service carriers, along with AT&T and Verizon. It reported having a total of 102.1 million U.S. customers after the merger. T-Mobile has previously disclosed several data breaches over the years, though the most recent was the largest. Sievert said the company is taking steps to improve its security.
Leave a Reply