T-Mobile CEO Mike Sievert described his company as “humbled” by the recent breach of its servers that led to a hacker stealing the personal information of nearly 55 million customers, but said the company is “fully committed to take our security efforts to the next level.”
Sievert authored a lengthy blog post Friday detailing how the hacker gained access to the company’s servers and what it is doing to prevent future attacks. He apologized for the incident, which was at least the company’s fifth such breach since 2018 and by far the largest.
“Knowing that we failed to prevent this exposure is one of the hardest parts of this event,” Sievert wrote. “On behalf of everyone at Team Magenta, I want to say we are truly sorry.”
Describing how the event occurred, Sievert said a “bad actor leveraged their knowledge of technical systems, along with specialized tools and capabilities, to gain access to our testing environments and then used brute force attacks and other methods to make their way into other IT servers that included customer data.
“In short, this individual’s intent was to break in and steal data, and they succeeded.”
T-Mobile has worked with cyber-security consultant Mandiant as well as law enforcement in response to the attack. Sievert said the company is certain it has closed the entry points and that further breaches have been stopped.
“We are confident that there is no ongoing risk to customer data from this breach,” he wrote.
T-Mobile has informed all customers whose data was stolen in the breach. Information included names, dates of birth, Social Security numbers, and driver’s license/ID information but did not include any financial information, the company said. T-Mobile has offered affected customers two years of identity protection service and is recommending users update their passwords and PINs. The company is automatically updating PINs and passwords for some customers.
Moving forward, T-Mobile is partnering with Mandiant and KPMG as part of a “substantial multi-year investment to adopt best-in-class practices and transform our approach. This is all about assembling the firepower we need to improve our ability to fight back against criminals and building a future-forward strategy to protect T-Mobile and our customers,” Sievert wrote.
Mandiant is providing “scalable security solutions to become more resilient to future cyber threats,” as well as advice on how to develop a short- and long-term strategic plan “to mitigate and stabilize cybersecurity risks across our enterprise,” Sievert continued.
KPMG’s cyber-security team will “perform a thorough review of all T-Mobile security policies and performance measurement” and “focus on controls to identify gaps and areas of improvement,” he added.
“I am confident in these partnerships and optimistic about the opportunity they present to help us come out of this terrible event in a much stronger place with improved security measures,” Sievert wrote.