T-Mobile CEO Apologizes for Data Breach, Shares Info on Future Security Plans - MacRumors
Skip to Content

T-Mobile CEO Apologizes for Data Breach, Shares Info on Future Security Plans

by

T-Mobile CEO Mike Sievert today penned a letter to T-Mobile customers apologizing for the recent data breach that impacted more than 50 million current, former, and prospective T-Mobile users.

tmobilelogo
Data that included names, phone numbers, addresses, birth dates, social security numbers, driver's license and ID info, IMEI numbers, and IMSI numbers was stolen and has been offered for sale.

"We didn't live up to the expectations we have for ourselves to protect our customers," wrote Sievert. "Knowing that we failed to prevent this exposure is one of the hardest parts of this event. On behalf of everyone at Team Magenta, I want to say we are truly sorry."

He went on to say that T-Mobile is "disappointed and frustrated" and that keeping customer data safe is a responsibility that is taken "incredibly seriously." Preventing attacks is a "top priority" for the company.

The hacker who claims to have attacked T-Mobile's servers yesterday said that T-Mobile's security is "awful." The hacker said that he discovered an unprotected T-Mobile router in July and used that to access T-Mobile's data center in Washington, where he was able to get in using stored credentials.

Sievert said that T-Mobile is coordinating with law enforcement on a criminal investigation, and that the company is unable to disclose specific details at this time.

What we can share is that, in simplest terms, the bad actor leveraged their knowledge of technical systems, along with specialized tools and capabilities, to gain access to our testing environments and then used brute force attacks and other methods to make their way into other IT servers that included customer data.

T-Mobile has now notified every current T-Mobile customer about the data breach, and is working to notify former and prospective customers. Those affected can visit T-Mobile's website dedicated to the attack, which provides tools for signing up for free McAfee ID Theft Protection, setting up Scam Shield, and using the Account Takeover Protection service.

In an attempt to prevent future attacks, T-Mobile has entered long-term partnerships with cybersecurity experts at Mandiant and with consulting firm KPMG LLP. T-Mobile is planning a multi-year investment into beefing up its security.

Tag: T-Mobile

Popular Stories

iOS 26

iOS 26.4 Adds Two New Features to CarPlay

Tuesday March 24, 2026 1:55 pm PDT by
iOS 26.4 was released today, and it includes a couple of new features for CarPlay: an Ambient Music widget and support for voice-based chatbot apps. To update your iPhone 11 or newer to iOS 26.4, open the Settings app and tap on General → Software Update. CarPlay will automatically offer the new features so long as the iPhone connected to your vehicle is running iOS 26.4 or later....
Read Full Article28 comments
Apple Business hero

Apple Unveils 'Apple Business' All-in-One Platform

Tuesday March 24, 2026 8:53 am PDT by
Apple today announced Apple Business, a new all-in-one platform that unifies device management, productivity tools, and customer outreach features. The service is designed to be a consolidated replacement for several of Apple's existing business-focused offerings, including Apple Business Essentials, Apple Business Manager, and Apple Business Connect. It provides organizations with a single...
Read Full Article47 comments
AirPods Pro Firmware Feature

Apple Releases New Firmware for AirPods Pro 3, AirPods Pro 2 and AirPods 4

Tuesday March 24, 2026 12:31 pm PDT by
Apple today released new firmware for the AirPods Pro 2, AirPods Pro 3, and the AirPods 4. The firmware has a version number of 8B39, up from 8B34 on the AirPods Pro 3, 8B28 on the AirPods Pro 2, and 8B21 on the AirPods 4. There is no word on what's included in the firmware, but Apple has a support document with limited notes. Most updates are limited to bug fixes and performance...
Read Full Article88 comments

Top Rated Comments

B
benh911f
60 months ago
I hate when these companies release statements after the fact saying how important keeping customer info safe and secure is. Just so disingenuous when it clearly isn’t important to them at all.
Score: 25 Votes (Like | Disagree)
velocityg4 Avatar
velocityg4
60 months ago
T-Mobile: We're now upgrading to Windows 98 and installing Norton Utilities. Plus enforcing four digit numerical passwords for all administrators. Everything should be good now.
Score: 24 Votes (Like | Disagree)
nutmac Avatar
nutmac
60 months ago
All empty words.

T-Mobile should minimally implement:

* Non-SMS 2FA: Integrate with more secure 3rd party SSO like Apple or Google, and allow customers to use only RFC-6238 without the SMS fallback.
* Automated PIN Entry: Currently, T-Mobile representative asks customers to recite the PIN. A bank teller would never ask for your PIN. The entry should be done by an automated system.
* Close the Backdoors: T-Mobile representative can bypass the PIN and reset it with easily hacked info like social security number and mother's maiden name. Resetting them should require third party knowledge-based authentication service.
* Data minimization: Do not store sensitive info like social security number, birthdate, and driver's license. Customers should be required to enter these information whenever T-Mobile needs to pull credit report.
* Data retention: When a customer leaves, encrypt and archive their data to entirely separate system that requires more stringent access control. And allow customers to delete them indefinitely.
Score: 12 Votes (Like | Disagree)
Think|Different Avatar
Think|Different
60 months ago
I mean, I could switch but, these days, whoever I switched to could have the same thing happen during the first week. This stinks and is unacceptable but I can’t say it’s an obvious decision to ditch them.
Score: 6 Votes (Like | Disagree)
justperry Avatar
justperry
60 months ago
[HEADING=2]Apologizes Until it happens again...and again...and yet again.[/HEADING]
Score: 5 Votes (Like | Disagree)
T
thesoundofsettling
60 months ago
It's 2021. They could at a minimum start by salting and hashing customer PINs in their database. The account number and PIN are the only info needed to port out your number. It's honestly a joke that the PIN is stored in clear text.

I left T-Mobile last week. Right after porting, they locked me out of my online account. I called to ask about how my final bill would be delivered since I'm paperless. The rep asked for my name and phone number and then proceeded to read my mailing address to confirm that's where a bill will be sent. If you ever have a stalker that knows your name and phone number, T-Mobile customer service would be more than happy to hand out your home address.
Score: 4 Votes (Like | Disagree)
Read All Comments