T-Mobile CEO Mike Sievert today posted a blog post on the company’s website to update customers on the status of the cyberattack earlier this month and the steps the company has taken since.
“The last two weeks have been humbling for all of us at T-Mobile as we have worked tirelessly to navigate a malicious cyberattack on our systems. Now with the breach having been contained and our investigation substantially complete, I wanted to take a moment to provide an update and some perspective on where things stand, what we have been doing to take care of impacted people, and the measures we are taking to better protect consumers from future incidents like this.” Sievert said.
The company has confirmed the attack which, according to published reports, compromised data of millions of the company’s customers, former customers and prospective customers.
According to Sievert, however, the breach did not expose any customer financial information, credit card information, debit or other payment information. Yet some Social Security Numbers and other personally identifiable information (PII) was compromised. All affected customers or primary account holders have been notified.
“Attacks like this are on the rise and bad actors work day-in and day-out to find new avenues to attack our systems and exploit them. We spend lots of time and effort to try to stay a step ahead of them, but we didn’t live up to the expectations we have for ourselves to protect our customers,” Sievert said, adding that the company apologizes for the breach.
The company’s investigation has uncovered how the breach occurred, and those issues have been corrected, according to Sievert. “We are confident that there is no ongoing risk to customer data from this breach,” he said.
However, he also admitted that the security efforts weren’t complete, writing “there is much work to do, and this will take time, and we remain committed to doing our best to ensure those who had information exposed feel informed, supported, and protected by T-Mobile.”
As a result of the breach, the carrier is:
- Offering two years of free identity protection services with McAfee’s ID Theft Protection Service to anyone who may have been affected
- Making account takeover protection available for postpaid customers,
- Recommending resetting PINs and passwords for all customers.
The company will also be working with security consultants in an attempt to strengthen its security.