T-Mobile says it’s “truly sorry” about the data breach that exposed the personal information of more than 54 million customers. “The last two weeks have been humbling for all of us at T-Mobile as we have worked tirelessly to navigate a malicious cyberattack on our systems,” the carrier said in an update on the situation attributed to CEO Mike Sievert.
“To say we are disappointed and frustrated that this happened is an understatement,” Sievert wrote in the post. “Keeping our customers’ data safe is a responsibility we take incredibly seriously and preventing this type of event from happening has always been a top priority of ours. Unfortunately, this time we were not successful.”
In T-Mobile’s account of what happened, the individual who hacked the company’s IT systems used “specialized” tools and knowledge of its infrastructure to gain access to its testing environments. “In short, this individual’s intent was to break in and steal data, and they succeeded,” said Sievert.
The executive says the company is “fully committed” to improving its security practices as it works to regain the trust of its customers, many of whom had personal information like names, birth dates, and social security numbers compromised in the incident. As a first step, T-Mobile has contacted “just about every” current customer or primary account holder who had data such as their name, SSN or address accessed. He also reiterated the company will offer two free years of access to McAfee’s ID Theft Protection Service to all of those affected by the incident.
Looking to the future, the carrier has signed multi-year partnerships with KPMG and cybersecurity firm Mandiant. According to Sievert, the two will help T-Mobile audit its current security practices and implement systems and policies that will help it prevent future cybersecurity incidents.
“Mandiant and KPMG will work side-by-side with our teams to map out definitive actions that will be designed to protect our customers and others from malicious activity now and into the future,” Sievert wrote. “I am confident in these partnerships and optimistic about the opportunity they present to help us come out of this terrible event in a much stronger place with improved security measures.”
And T-Mobile may need all the help it can get. John Binns, the hacker who claimed earlier in the week they were responsible for the data breach, said the company’s security was “awful.”