T-Mobile Chief Executive Mike Sievert recently apologized to customers for a security breach that exposed more than 50 million people’s personal data, The Wall Street Journal reports
. Sievert also said the carrier is working to bolster its cyber defenses. T-Mobile announced on August 27 that it partnered with cybersecurity firm Mandiant and consulting firm KPMG LLG after the hack occurred, which exposed millions of Social Security numbers, birth dates and other personal data.
“We didn’t live up to the expectations we have for ourselves to protect our customers,” Sievert wrote in a public letter. “Knowing that we failed to prevent this exposure is one of the hardest parts of this event.”
John Binns, a 21-year-old American who moved to Turkey a few years ago, told The Wall Street Journal in an exclusive interview that he was responsible for T-Mobile’s security breach. Binns said the carrier’s lax security allowed him an easy route into a cache of T-Mobile’s records. He said T-Mobile’s security was “awful.”
While it wasn’t clear if Binns hacked T-Mobile on his own or not, the carrier said the cyber attacker initially punctured its testing environments prior to getting access to other systems through “brute force” attacks and other methods. This is the third major customer data leak T-Mobile has disclosed in two years, according to The Wall Street Journal. A strong security defense is critical for the carrier, as it has approximately 90 million mobile phones connected to its networks.
How T-Mobile moves forward
The Seattle office of the Federal Bureau of Investigation is investigating the T-Mobile data breach, according to The Wall Street Journal. Sievert said the company is cooperating with law enforcement on the matter. He also noted that T-Mobile hired Mandiant to conduct a forensic investigation since the incident was discovered. Meanwhile, KPMG’s cybersecurity team will review T-Mobile’s security policies and performance measurement.
“We know we need additional expertise to take our cybersecurity efforts to the next level—and we’ve brought in the help,” Sievert also wrote in the letter. “To say we are disappointed and frustrated that this happened is an understatement.”
The executive added that the carrier believes strongly that it has closed the security hole the hacker accessed and that there isn’t an ongoing risk to customer data from the hack.
T-Mobile has alerted almost every T-Mobile customer or account holder whose data was compromised, according to Sievert. The carrier has also offered two years of free identity protection services with McAfee’s ID theft protection to those who might have been affected by the breach.
“Our goal is to ensure that we are providing clear information about how customers and those affected can protect themselves,” Sievert wrote.
Joe Dyton can be reached at [email protected]