BELLEVUE, Washington — T-Mobile says it has notified nearly all of the millions of users for the mobile user data breach. T-Mobile users had their personal data stolen and T-Mobile CEO said they are “truly sorry”.
CEO Mike Sievert said in a written statement Friday that the company spends lots of effort to try to stay ahead of criminal hackers “but we didn’t live up to the expectations we have for ourselves to protect our customers.
Knowing that we failed to prevent this exposure is one of the hardest parts of this event.”
Earlier in August, the company said that the names, Social Security numbers, and information from driver’s licenses or other identification of just over 40 million people who applied for T-Mobile credit were exposed in a recent data breach.
The same data for about 7.8 million current T-Mobile customers who pay monthly for phone service also appeared to be compromised.
Sievert’s statement was followed by a report on Thursday in the Wall Street Journal in which John Binns, a 21-year-old American hacker living in Turkey, told the newspaper he was responsible for the hack and blamed T-Mobile’s lax security for making it possible.
According to a report in Wall Street Journal, Binns discovered an unprotected router exposed on the internet in July, and used that entry point to gain access to servers in a T-Mobile data center near East Wenatchee, Washington, a few hours east of the company’s headquarters in the Seattle suburb of Bellevue.
Sievert made no direct reference to Binns on Friday but said that “in short, this individual intended to break in and steal data, and they succeeded.”
Recommended Read: T-Mobile Offers McAfee Identity Protection for 2 Years. Avail It Now
Sievert said the breach has been contained, the investigation is “substantially complete” and that customer financial information wasn’t exposed.
He said T-Mobile hired cybersecurity experts from Mandiant to help with the investigation and is coordinating with law enforcement.
“What we can share is that, in simplest terms, the bad actor leveraged their knowledge of technical systems, along with specialized tools and capabilities, to gain access to our testing environments and then used brute force attacks and other methods to make their way into other IT servers that included customer data,” Sievert wrote.
T-Mobile has previously mentioned several data breaches over the years, however, the most recent was the largest. Sievert said the company is taking steps to improve its security.
The Federal Communications Commission, which regulates wireless carriers, has said it is investigating the breach.
