T-Mobile CEO apologizes for data breach that exposed millions of customers’ private data, pledges to enhance the carrier’s cybersecurity

Earlier this month, it was confirmed that T-Mobile, the magenta un-carrier, had suffered a major data breach. Now, two weeks later, the chief executive officer of the wireless carrier has penned a letter to customers apologizing for the incident. But, what’s more, the CEO outlines what comes next.

Unsurprisingly, the CEO of T-Mobile, Mike Sievert (who took over the role from John Legere in 2020), is not thrilled by what happened earlier this month. In the letter penned to customers (and the public in general), the chief executive says the last two weeks have been “humbling” for the company. Sievert says the breach has been “contained,” and that the investigation into the attack is “substantially complete.” Now, Sievert is ready to apologize to those the breach has impacted or will potentially impact, and also lay out what comes next in terms of cybersecurity.

Sievert confirms in the letter that some private information was accessed in the breach. That includes social security numbers, names, driver license information, and more. However, the chief executive says that no customer financial information, including credit card or debit card numbers, was hacked. All told, while Sievert doesn’t mention it specifically in the letter, more than 50 million T-Mobile customers had their information breached to some degree.

From today’s letter:

To say we are disappointed and frustrated that this happened is an understatement. Keeping our customers’ data safe is a responsibility we take incredibly seriously and preventing this type of event from happening has always been a top priority of ours. Unfortunately, this time we were not successful.

Attacks like this are on the rise and bad actors work day-in and day-out to find new avenues to attack our systems and exploit them. We spend lots of time and effort to try to stay a step ahead of them, but we didn’t live up to the expectations we have for ourselves to protect our customers. Knowing that we failed to prevent this exposure is one of the hardest parts of this event. On behalf of everyone at Team Magenta, I want to say we are truly sorry.

Sievert talks, very briefly, about the hack itself. He says that the attacker’s intention was to steal information, and that’s what they did. The chief executive says he can’t go into detail as the external investigation that includes law enforcement is still underway. However, he says that the attacker “leveraged their knowledge of technical systems,” and apparently “specialized tools and capabilities” to successfully breach T-Mobile’s services. Per the letter:

We recognize that many are asking exactly what happened. While we are actively coordinating with law enforcement on a criminal investigation, we are unable to disclose too many details. What we can share is that, in simplest terms, the bad actor leveraged their knowledge of technical systems, along with specialized tools and capabilities, to gain access to our testing environments and then used brute force attacks and other methods to make their way into other IT servers that included customer data.

In short, this individual’s intent was to break in and steal data, and they succeeded.

Here’s what T-Mobile is doing now for its customers:

  • offering two years of free identity protection services with McAfee’s ID Theft Protection Service to all persons who may have been affected
  • recommending customers sign up for T-Mobile’s free scam-blocking protection through Scam Shield
  • making Account Takeover Protection available for postpaid customers, which makes it more difficult for customer accounts to be fraudulently ported out and stolen
  • suggesting other best practices and practical security steps like resetting PINs and passwords for all customers.

But, perhaps most importantly, Sievert goes into what comes next. The chief executive says they are stepping up their cybersecurity efforts in big ways. That starts with a partnership with one of the industry’s leaders in cybersecurity, a company called Mandiant. Sievert says the company has been working with T-Mobile right from the start following this latest breach:

Today I’m announcing that we have entered into long-term partnerships with the industry-leading cybersecurity experts at Mandiant, and with consulting firm KPMG LLP. We know we need additional expertise to take our cybersecurity efforts to the next level—and we’ve brought in the help. These arrangements are part of a substantial multi-year investment to adopt best-in-class practices and transform our approach. This is all about assembling the firepower we need to improve our ability to fight back against criminals and building a future-forward strategy to protect T-Mobile and our customers.

As I previously mentioned, Mandiant has been part of our forensic investigation since the start of the incident, and we are now expanding our relationship to draw on the expertise they’ve gained from the front lines of large-scale data breaches and use their scalable security solutions to become more resilient to future cyber threats. They will support us as we develop an immediate and longer-term strategic plan to mitigate and stabilize cybersecurity risks across our enterprise.

This was a major breach, and while Sievert seems to outline that the hacker behind the attack utilized a range of skills and tools, the hacker has another theory. In a separate report earlier this week, the hacker identified himself as John Binns to The Wall Street Journal, which the publication independently confirmed. Binns says T-Mobile’s security is “awful,” and that he was actually surprised when he discovered what he had access to following the breach (which started with an unprotected router).

In any event, it’s good to see T-Mobile will be taking steps to help prevent this kind of thing from happening again in the future.