T-Mobile CEO Mike Sievert today wrote a letter to T-Mobile customers apologizing for the recent data breach that affected more than 50 million current, past and potential T-Mobile users.
/article-new/2020/03/tmobilelogo.jpg?resize=560%2C279&ssl=1)
Data including names, phone numbers, addresses, dates of birth, social security numbers, driver’s license and identifying information, IMEI numbers and IMSI numbers were stolen and put up for sale.
“We didn’t live up to the expectations we had to protect our customers,” Sievert wrote. “Knowing we couldn’t avoid this exposure is one of the hardest parts of this event. On behalf of everyone on the Magenta team, I want to say we’re sorry.”
He went on to say that T-Mobile is “disappointed and frustrated” and that keeping customer data safe is a responsibility that is taken “incredibly seriously”. Preventing attacks is a “top priority” for the company.
The hacker who claims to have attacked T-Mobile’s servers yesterday said T-Mobile’s security is “horrible”. The hacker said he discovered an unprotected T-Mobile router in July and used it to access T-Mobile’s data center in Washington, where he was able to enter using stored credentials.
Sievert said T-Mobile is coordinating with law enforcement in a criminal investigation and the company cannot reveal specific details at this time.
What we can share is that, in simpler terms, the bad actor took advantage of his knowledge of technical systems, along with specialized tools and capabilities, to access our testing environments and then used brute force attacks and other methods to make way for other IT Servers that included client data.
T-Mobile has now notified all current T-Mobile customers of the data breach and is working to notify potential and former customers. Those affected can visit T-Mobile’s website dedicated to the attack, which provides tools to register for free against McAfee ID theft protection, set up Scam Shield, and use the account acquisition protection service.
In an attempt to prevent future attacks, T-Mobile has established long-term partnerships with Mandiant cybersecurity experts and consulting firm KPMG LLP. T-Mobile plans a multi-year investment to bolster its security.