On Friday, T-Mobile CEO Mike Sievert blogged about what the company has learned about the cyberattack that resulted in stolen customer data for more than 50 million people, and what the carrier is doing about it. Sievert confirmed the breach has been contained and its investigation is substantially complete.
He called the last two weeks “humbling.” Inside Towers reported the carrier said personal information for more than 50 million current, former and prospective customers was exposed. The breach included some SSN, name, address, date of birth and driver’s license/ID information. The carrier said no customer financial information, credit card information, debit or other payment information was accessed by the cyber criminals.
“To say we are disappointed and frustrated that this happened is an understatement,” noted Sievert. “We now know how this bad actor illegally gained entry to our servers and we have closed those access points. We are confident that there is no ongoing risk to customer data from this breach.”
“The bad actor leveraged their knowledge of technical systems, along with specialized tools and capabilities, to gain access to our testing environments and then used ‘brute force attacks’ and other methods to make their way into other IT servers that included customer data,” he explained.
T-Mobile has notified almost every current customer or primary account holder who had data such as name and current address, social security number, or government ID number compromised. T-Mobile customers or primary account holders who it doesn’t believe had that data impacted will now see a banner on their MyT-Mobile.com account login page letting them know, according to the executive. Now, the company is notifying former and prospective customers.
To help customers and those affected protect themselves, T-Mobile published a web page where it is:
- Offering two years of free identity protection services with McAfee’s ID Theft Protection Service to all persons who may have been affected
- Recommending customers sign up T-Mobile’s free scam-blocking protection through Scam Shield
- Making Account Takeover Protection available for postpaid customers, which makes it more difficult for customer accounts to be fraudulently ported out and stolen
- Suggesting other best practices and practical security steps like resetting PINs and passwords for all customers.
To enhance its cybersecurity, the carrier made long-term deals with cybersecurity company Mandiant and consulting firm KMPG LLP. Mandiant has been part of T-Mobile’s forensic investigation since the data breach; it plans to draw on Mandiant’s expertise to become more resilient to future cyber threats. “They will support us as we develop an immediate and longer-term strategic plan to mitigate and stabilize cybersecurity risks across our enterprise,” wrote Sievert.
KPMG’s cybersecurity team will review T-Mobile security policies and performance measurement. They will focus on controls to identify gaps and areas of improvement. Mandiant and KPMG will work alongside T-Mobile teams to map out actions designed to protect the carrier’s customers and others from malicious activity now and in the future.
Reader Interactions