T-Mobile CEO apologizes for data breach, shares information on future security plans

T-Mobile CEO Mike Sievert today wrote a letter to T-Mobile customers apologizing for the recent data breach that affected more than 50 million current, former and potential T users. -Mobile.

Data which included names, phone numbers, addresses, dates of birth, social security numbers, driver’s license and identifying information, IMEI numbers and IMSI numbers was stolen and offered for sale.

“We haven’t lived up to the expectations we have for ourselves to protect our customers,” Sievert wrote. “Knowing that we failed to prevent this exposure is one of the most difficult parts of this event. On behalf of everyone at Team Magenta, I want to say that we are so sorry.”

He went on to say that T-Mobile is “disappointed and frustrated” and that protecting customer data is a responsibility that is taken “incredibly seriously”. Preventing attacks is a “top priority” for the business.

The hacker who claims to have attacked T-Mobile’s servers yesterday said T-Mobile’s security is “horrible”. The hacker said he discovered an unprotected T-Mobile router in July and used it to gain access to T-Mobile’s Washington data center, where he was able to enter using stored credentials.

Sievert said T-Mobile is coordinating with law enforcement on a criminal investigation and the company is unable to release specific details at this time.

What we can share is that, in layman’s terms, the wrong actor leveraged their knowledge of technical systems, as well as specialized tools and capabilities, to gain access to our test environments and then used attacks by brute force and other methods to find its way into other Computer Servers that included client data.

T-Mobile has now notified all current T-Mobile customers of the data breach and is making efforts to notify former and potential customers. Those affected can visit T-Mobile’s dedicated attack website, which provides tools to register for McAfee ID Theft Protection free of charge, configure Scam Shield, and use the Account Takeover Protection service.

In order to prevent future attacks, T-Mobile has entered into long-term partnerships with cybersecurity experts at Mandiant and with consultancy firm KPMG LLP. T-Mobile plans a multi-year investment to strengthen its security.