T-Mobile CEO Apologizes for Data Breach, Shares Info on Future Security Plans

T-Mobile CEO Mike Sievert today penned a letter to T-Mobile customers apologizing for the recent data breach that impacted more than 50 million current, former, and prospective T-Mobile users.

Data that included names, phone numbers, addresses, birth dates, social security numbers, driver's license and ID info, IMEI numbers, and IMSI numbers was stolen and has been offered for sale.

"We didn't live up to the expectations we have for ourselves to protect our customers," wrote Sievert. "Knowing that we failed to prevent this exposure is one of the hardest parts of this event. On behalf of everyone at Team Magenta, I want to say we are truly sorry."

He went on to say that T-Mobile is "disappointed and frustrated" and that keeping customer data safe is a responsibility that is taken "incredibly seriously." Preventing attacks is a "top priority" for the company.

The hacker who claims to have attacked T-Mobile's servers said yesterday that T-Mobile's security is "awful." He said that he discovered an unprotected T-Mobile router in July and used it to access T-Mobile's data center in Washington, where he was able to get in using stored credentials.

Sievert said that T-Mobile is coordinating with law enforcement on a criminal investigation, and that the company is unable to disclose specific details at this time.

"What we can share is that, in simplest terms, the bad actor leveraged their knowledge of technical systems, along with specialized tools and capabilities, to gain access to our testing environments and then used brute force attacks and other methods to make their way into other IT servers that included customer data."

T-Mobile has now notified every current T-Mobile customer about the data breach, and is working to notify former and prospective customers. Those affected can visit T-Mobile's website dedicated to the attack, which provides tools for signing up for free McAfee ID Theft Protection, setting up Scam Shield, and using the Account Takeover Protection service.

In an attempt to prevent future attacks, T-Mobile has entered long-term partnerships with cybersecurity experts at Mandiant and with consulting firm KPMG LLP. T-Mobile is planning a multi-year investment into beefing up its security.

Top Rated Comments

benh911f
5 weeks ago
I hate when these companies release statements after the fact saying how important keeping customer info safe and secure is. Just so disingenuous when it clearly isn’t important to them at all.
Score: 25 Votes
velocityg4
5 weeks ago
T-Mobile: We're now upgrading to Windows 98 and installing Norton Utilities. Plus enforcing four digit numerical passwords for all administrators. Everything should be good now.
Score: 24 Votes
nutmac
5 weeks ago
All empty words.

T-Mobile should minimally implement:

* Non-SMS 2FA: Integrate with more secure 3rd party SSO like Apple or Google, and allow customers to use only RFC-6238 without the SMS fallback.
* Automated PIN Entry: Currently, a T-Mobile representative asks customers to recite the PIN. A bank teller would never ask for your PIN. The entry should be done by an automated system.
* Close the Backdoors: A T-Mobile representative can bypass the PIN and reset it with easily hacked info like social security number and mother's maiden name. Resetting them should require a third-party knowledge-based authentication service.
* Data minimization: Do not store sensitive info like social security number, birthdate, and driver's license. Customers should be required to enter this information whenever T-Mobile needs to pull a credit report.
* Data retention: When a customer leaves, encrypt and archive their data to an entirely separate system that requires more stringent access control. And allow customers to delete them indefinitely.
Score: 12 Votes
Think|Different
5 weeks ago
I mean, I could switch but, these days, whoever I switched to could have the same thing happen during the first week. This stinks and is unacceptable but I can’t say it’s an obvious decision to ditch them.
Score: 6 Votes
justperry
5 weeks ago
Apologizes Until it happens again...and again...and yet again.
Score: 5 Votes
mapsdotapp
5 weeks ago
T-Mobile does have terrible security, even from a consumer’s perspective. They support TOTP tokens for two-factor authentication, but even if one enables it you can still use SMS as a fallback. This defeats the whole point as SMS has known vulnerabilities and is deprecated as a 2FA measure by NIST. Oh and by the way, your Apple ID has this vulnerability too. Hope your phone number is secure.
Score: 4 Votes
