T-Mobile disclosed last month that the names,
Social Security numbers and information from driver’s licenses or other
identification of just over 40 million people who applied for T-Mobile credit
were exposed in a recent data breach. The same data for about 13 million
current T-Mobile customers who pay monthly for phone service also appeared to
be compromised.
Our redesigned local news and weather app is live! Download it for iOS or Android — and sign up for alerts.
“My office is extremely concerned about how
this data breach may have put the personal information of Massachusetts
consumers at risk,” Healey said in a statement. “As we investigate to
understand the full extent of what’s happened, we urge impacted consumers to
take the necessary precautions to ensure their information is safe, and to
prevent identity theft and fraud.”
She said her office has launched an
investigation into the circumstances of the breach and the steps the company is
taking to address it and notify customers
John Binns, a 21-year-old American hacker
living in Turkey, told the Wall Street Journal he was responsible for the hack
and blamed T-Mobile’s lax security for making it possible.
Binns told the Journal he discovered an
unprotected router exposed on the internet in July, and used that entry point
to gain access to servers in a T-Mobile data center near East Wenatchee,
Washington, a few hours east of the company’s headquarters in the Seattle
suburb of Bellevue.
T-Mobile CEO Mike Sievert apologized to
customers in a written statement last month, saying he was "truly
sorry" for the breach and all of the millions of customers whose personal
data was stolen had been notified.
Sievert said the company spends lots of effort
to try to stay ahead of criminal hackers “but we didn’t live up to the
expectations we have for ourselves to protect our customers. Knowing that we failed
to prevent this exposure is one of the hardest parts of this event.”
He said the breach had been contained, the
investigation is “substantially complete” and that customer financial
information wasn’t exposed. He said T-Mobile hired cybersecurity experts from
Mandiant to help with the investigation and is coordinating with law
enforcement.
“What we can share is that, in simplest terms,
the bad actor leveraged their knowledge of technical systems, along with
specialized tools and capabilities, to gain access to our testing environments
and then used brute force attacks and other methods to make their way into
other IT servers that included customer data,” Sievert wrote.
In response to the breach, T-Mobile is
offering consumers various free theft protection services, including scam and
account take-over protection for their cell phones. These services can be
accessed via T-Mobile’s website. T-Mobile also recommends that customers reset
account pins and passwords as an added precaution. The company has set up a
consumer care hotline that can be reached by dialing 611 from a T-Mobile phone
or calling 1-800-937-8997.
T-Mobile became one of the country’s largest
cellphone service carriers, along with AT&T and Verizon, after buying rival
Sprint last year. It reported having a total of 102.1 million U.S. customers
after the merger.
T-Mobile has previously disclosed a number of
data breaches over the years, though the most recent was the largest. Sievert
said the company is taking steps to improve its security.
The Federal Communications Commission, which
regulates wireless carriers, has said it is also investigating the breach.
0 comments:
Post a Comment