UPDATE: T-Mobile has figured out how hackers gained access to its systems, but declines to elaborate fully given that the investigation is ongoing.
UPDATE 8/27: T-Mobile CEO Mike Sievert says the company has figured out how hackers gained access to its systems, and is now “confident that there is no ongoing risk to customer data from this breach.” But he declined to elaborate fully given that the investigation is ongoing. In a blog post, he writes: “We recognize that many are asking exactly what happened. While we are actively coordinating with law enforcement on a criminal investigation, we are unable to disclose too many details. What we can share is that, in simplest terms, the bad actor leveraged their knowledge of technical systems, along with specialized tools and capabilities, to gain access to our testing environments and then used brute force attacks and other methods to make their way into other IT servers that included customer data. The carrier signed a multi-year deal with security firm Mandiant and consulting firm KPMG LLP to help with cybersecurity efforts going forward. “This is all about assembling the firepower we need to improve our ability to fight back against criminals and building a future-forward strategy to protect T-Mobile and our customers,” Sievert says. As for those affected, T-Mobile has “notified just about every current T-Mobile customer or primary account holder who had data such as name and current address, Social Security number, or government ID number compromised,” Sievert says. “T-Mobile customers or primary account holders who we do not believe had that data impacted will now see a banner on their MyT-Mobile.com account login page letting them know.” UPDATE 8/20: In a filing with the Securities and Exchange Commission, T-Mobile updated estimates of how many people are affected by the breach. It says (emphasis ours): “We previously reported information from approximately 7.8 million current T-Mobile postpaid customer accounts that included first and last names, date of birth, SSN, and driver’s license/ID information was compromised. We have now also determined that phone numbers, as well as IMEI and IMSI information, the typical identifier numbers associated with a mobile phone, were also compromised. Additionally, we have since identified another 5.3 million current postpaid customer accounts that had one or more associated customer names, addresses, date of births, phone numbers, IMEIs and IMSIs illegally accessed. These additional accounts did not have any SSNs or driver’s license/ID information compromised. UPDATE 8/18: T-Mobile today confirmed that the personal information of millions of current, former, and prospective customers was stolen from its systems in a recent hack.
