T-Mobile CEO Mike Sievert on Friday announced that the hacker behind the recent breach of the company that compromised the information of around 50 million individuals had used “brute force” in the attack and apologized for the impact of the breach.
The apology, made in a statement published Friday, came a week after the company announced that the data of current, former and prospective customers had been compromised, including customer names, dates of birth, Social Security numbers and driver’s license information.
“To say we are disappointed and frustrated that this happened is an understatement,” Sievert wrote. “Keeping our customers’ data safe is a responsibility we take incredibly seriously and preventing this type of event from happening has always been a top priority of ours. Unfortunately, this time we were not successful.”
“Knowing that we failed to prevent this exposure is one of the hardest parts of this event. On behalf of everyone at Team Magenta, I want to say we are truly sorry,” he added.
Sievert did not identify who was behind the attack, but noted that T-Mobile is working with both law enforcement and cybersecurity group FireEye’s Mandiant to investigate the breach.
“The bad actor leveraged their knowledge of technical systems, along with specialized tools and capabilities, to gain access to our testing environments and then used brute force attacks and other methods to make their way into other IT servers that included customer data,” Sievert wrote. “In short, this individual’s intent was to break in and steal data, and they succeeded."
The Wall Street Journal reported Thursday that John Binns, a 21-year-old American based in Turkey, had claimed responsibility for the attack. He told the publication that he had used a router exposed online to carry out the breach, adding that T-Mobile’s “security is awful.”
According to the Journal, the breach is the third major security incident disclosed by T-Mobile in the past two years, including an incident in late 2019 that involved the compromised of customer information on prepaid service accounts.
Sievert wrote Friday that “just about” every compromised current T-Mobile customer who had sensitive data exposed had been notified, and that the company is continuing to work to notify former and prospective customers impacted.
T-Mobile has set up a website for the breach, and is offering two years of free identity theft protection to victims along with taking other security enhancement steps such as entering into “long-term partnerships” with Mandiant and consulting firm KPMG LLC.
“We know that the bad actors out there will continue to evolve their methods every single day and attacks across nearly every industry are on the rise,” Sievert wrote. “However, while cyberattacks are commonplace, that does not mean that we will accept them.”
The attack on T-Mobile is the latest massive breach to impact American companies in recent months. Around 100 private sector groups were compromised as part of the SolarWinds hack late last year, and thousands more by the exploitation by Chinese hackers of vulnerabilities in Microsoft’s Exchange Server earlier this year.
Ransomware attacks have also been on the rise, temporarily interrupting operations at Colonial Pipeline, meat producer JBS USA, software company Kasaya and many schools, hospitals and other critical groups this year.