T-Mobile apologizes for data breach; carrier will invest in cybersecurity to ‘transform our approach’
T-Mobile is taking lessons learned from its recent data breach that affected millions of customers and vowed to invest more heavily in cybersecurity.
T-Mobile CEO Mike Sievert apologized to customers on Friday in a blog post following a cyberattack that exposed personal details of more than 50 million people.
“To say we are disappointed and frustrated that this happened is an understatement,” Sievert said.
The Wall Street Journal reported this week that a 21-year-old American took responsibility for the hack by using an unprotected router, giving him access to a T-Mobile data center about 150 miles east of the Seattle area, where the company’s headquarters is based.
Sievert said on Friday that “the bad actor leveraged their knowledge of technical systems, along with specialized tools and capabilities, to gain access to our testing environments and then used brute force attacks and other methods to make their way into other IT servers that included customer data.
“In short, this individual’s intent was to break in and steal data, and they succeeded,” he said.
The hack affected current, past, and prospective T-Mobile customers. The stolen files did not include customer financial, credit card, debit or other payment information, T-Mobile said. However, first and last names, date of birth, SSN, and driver’s license/ID information was accessed.
T-Mobile created a webpage to help educate customers on protecting themselves. It is offering two years of free identity protection services.
The investigation into the hack is “substantially complete,” and there is no longer ongoing risk to customer data, Sievert said.
The CEO also announced Friday that the company is partnering with cybersecurity firm Mandiant and consulting giant KPMG to “adopt best-in-class practices and transform our approach.”
The FBI and FCC are investigating the attack, according to the WSJ.
T-Mobile has more than 104 million subscribers and is the second-largest carrier in the U.S. behind Verizon. It has suffered several breaches over the past few years.