T-Mobile CEO Apologizes for Data Breach, Shares Info on Future Security Plans - MacRumors
Skip to Content

T-Mobile CEO Apologizes for Data Breach, Shares Info on Future Security Plans

by

T-Mobile CEO Mike Sievert today penned a letter to T-Mobile customers apologizing for the recent data breach that impacted more than 50 million current, former, and prospective T-Mobile users.

tmobilelogo
Data that included names, phone numbers, addresses, birth dates, social security numbers, driver's license and ID info, IMEI numbers, and IMSI numbers was stolen and has been offered for sale.

"We didn't live up to the expectations we have for ourselves to protect our customers," wrote Sievert. "Knowing that we failed to prevent this exposure is one of the hardest parts of this event. On behalf of everyone at Team Magenta, I want to say we are truly sorry."

He went on to say that T-Mobile is "disappointed and frustrated" and that keeping customer data safe is a responsibility that is taken "incredibly seriously." Preventing attacks is a "top priority" for the company.

The hacker who claims to have attacked T-Mobile's servers yesterday said that T-Mobile's security is "awful." The hacker said that he discovered an unprotected T-Mobile router in July and used that to access T-Mobile's data center in Washington, where he was able to get in using stored credentials.

Sievert said that T-Mobile is coordinating with law enforcement on a criminal investigation, and that the company is unable to disclose specific details at this time.

What we can share is that, in simplest terms, the bad actor leveraged their knowledge of technical systems, along with specialized tools and capabilities, to gain access to our testing environments and then used brute force attacks and other methods to make their way into other IT servers that included customer data.

T-Mobile has now notified every current T-Mobile customer about the data breach, and is working to notify former and prospective customers. Those affected can visit T-Mobile's website dedicated to the attack, which provides tools for signing up for free McAfee ID Theft Protection, setting up Scam Shield, and using the Account Takeover Protection service.

In an attempt to prevent future attacks, T-Mobile has entered long-term partnerships with cybersecurity experts at Mandiant and with consulting firm KPMG LLP. T-Mobile is planning a multi-year investment into beefing up its security.

Tag: T-Mobile

Popular Stories

Aston Martin CarPlay Ultra Screen

Apple Says CarPlay Ultra is Coming to These Vehicle Brands

Thursday May 21, 2026 11:53 am PDT by
Last year, Apple launched CarPlay Ultra, the long-awaited next-generation version of its CarPlay software system for vehicles. Nearly a year later, CarPlay Ultra is still limited to Aston Martin's latest luxury vehicles, but that should change fairly soon. In May 2025, Apple said many other vehicle brands planned to offer CarPlay Ultra, including Hyundai, Kia, and Genesis. CarPlay Ultra...
Read Full Article
ios 26 iphone 16 pro lock screen notifications feature 1

iOS 27 Notifications Will Slide in From Left Side of Your iPhone's Screen

Friday June 5, 2026 7:24 am PDT by
Bloomberg's Mark Gurman today revealed another iOS 27 change: notifications will slide in from the left side of the screen instead of from the top. In addition, accessing Notification Center on iOS 27 will require swiping down on the top-left corner of the screen. If you swipe down on the Dynamic Island area, a new "Search or Ask" interface tied to the revamped Siri will appear, instead of...
Read Full Article88 comments
WWDC26 Mock Feature 2

Will Apple Launch New Hardware at WWDC Next Week?

Friday June 5, 2026 7:56 am PDT by
Apple has several hardware releases in the pipeline, but will we see any of them unveiled at this year's Worldwide Developers Conference? WWDC is primarily a software event where new versions of iOS, iPadOS, macOS, watchOS, tvOS, and visionOS take center stage, but it's not unusual for Apple to introduce new hardware during the developer conference. Take WWDC 2017, for example, where Apple...
Read Full Article79 comments

Top Rated Comments

B
benh911f
62 months ago
I hate when these companies release statements after the fact saying how important keeping customer info safe and secure is. Just so disingenuous when it clearly isn’t important to them at all.
Score: 25 Votes (Like | Disagree)
velocityg4 Avatar
velocityg4
62 months ago
T-Mobile: We're now upgrading to Windows 98 and installing Norton Utilities. Plus enforcing four digit numerical passwords for all administrators. Everything should be good now.
Score: 24 Votes (Like | Disagree)
nutmac Avatar
nutmac
62 months ago
All empty words.

T-Mobile should minimally implement:

* Non-SMS 2FA: Integrate with more secure 3rd party SSO like Apple or Google, and allow customers to use only RFC-6238 without the SMS fallback.
* Automated PIN Entry: Currently, T-Mobile representative asks customers to recite the PIN. A bank teller would never ask for your PIN. The entry should be done by an automated system.
* Close the Backdoors: T-Mobile representative can bypass the PIN and reset it with easily hacked info like social security number and mother's maiden name. Resetting them should require third party knowledge-based authentication service.
* Data minimization: Do not store sensitive info like social security number, birthdate, and driver's license. Customers should be required to enter these information whenever T-Mobile needs to pull credit report.
* Data retention: When a customer leaves, encrypt and archive their data to entirely separate system that requires more stringent access control. And allow customers to delete them indefinitely.
Score: 12 Votes (Like | Disagree)
Think|Different Avatar
Think|Different
62 months ago
I mean, I could switch but, these days, whoever I switched to could have the same thing happen during the first week. This stinks and is unacceptable but I can’t say it’s an obvious decision to ditch them.
Score: 6 Votes (Like | Disagree)
justperry Avatar
justperry
62 months ago
Apologizes Until it happens again...and again...and yet again.
Score: 5 Votes (Like | Disagree)
T
thesoundofsettling
62 months ago
It's 2021. They could at a minimum start by salting and hashing customer PINs in their database. The account number and PIN are the only info needed to port out your number. It's honestly a joke that the PIN is stored in clear text.

I left T-Mobile last week. Right after porting, they locked me out of my online account. I called to ask about how my final bill would be delivered since I'm paperless. The rep asked for my name and phone number and then proceeded to read my mailing address to confirm that's where a bill will be sent. If you ever have a stalker that knows your name and phone number, T-Mobile customer service would be more than happy to hand out your home address.
Score: 4 Votes (Like | Disagree)
Read All Comments