However, while cyberattacks are commonplace, that does not mean that we will accept them. We know that the bad actors out there will continue to evolve their methods every single day and attacks across nearly every industry are on the rise. suggesting other best practices and practical security steps like resetting PINs and passwords for all customers.making Account Takeover Protection available for postpaid customers, which makes it more difficult for customer accounts to be fraudulently ported out and stolen.recommending customers sign up T-Mobile’s free scam-blocking protection through Scam Shield.offering two years of free identity protection services with McAfee’s ID Theft Protection Service to all persons who may have been affected.So, we have published a web page where we are: Our goal is to ensure that we are providing clear information about how customers and those affected can protect themselves. We are also now working diligently to notify former and prospective customers. T-Mobile customers or primary account holders who we do not believe had that data impacted will now see a banner on their account login page letting them know. Taking care of our customersĪs our internal investigation has continued, our teams have made supporting our customers a top priority- from answering questions to helping customers get access to tools and best practices that will help them protect their information.Īs of today, we have notified just about every current T-Mobile customer or primary account holder who had data such as name and current address, social security number, or government ID number compromised. There is much work to do, and this will take time, and we remain committed to doing our best to ensure those who had information exposed feel informed, supported, and protected by T-Mobile. Since confirming this breach, we have worked around the clock to understand impact and risk to customers and others and have done our very best to be transparent about those impacts as quickly as possible. In short, this individual’s intent was to break in and steal data, and they succeeded. What we can share is that, in simplest terms, the bad actor leveraged their knowledge of technical systems, along with specialized tools and capabilities, to gain access to our testing environments and then used brute force attacks and other methods to make their way into other IT servers that included customer data. While we are actively coordinating with law enforcement on a criminal investigation, we are unable to disclose too many details. We recognize that many are asking exactly what happened. We are confident that there is no ongoing risk to customer data from this breach. Through our investigation into this incident, which has been supported by world-class security experts Mandiant from the very beginning, we now know how this bad actor illegally gained entry to our servers and we have closed those access points. We’re fully committed to take our security efforts to the next level as we work to rebuild trust and I want to tell you more about what we have in progress. On behalf of everyone at Team Magenta, I want to say we are truly sorry.Īs our initial investigation into the incident winds down, I felt it was important to share an update on our work and, importantly, what’s next. Knowing that we failed to prevent this exposure is one of the hardest parts of this event. We spend lots of time and effort to try to stay a step ahead of them, but we didn’t live up to the expectations we have for ourselves to protect our customers. Unfortunately, this time we were not successful.Īttacks like this are on the rise and bad actors work day-in and day-out to find new avenues to attack our systems and exploit them. Keeping our customers’ data safe is a responsibility we take incredibly seriously and preventing this type of event from happening has always been a top priority of ours. To say we are disappointed and frustrated that this happened is an understatement. Fortunately, the breach did not expose any customer financial information, credit card information, debit or other payment information but, like so many breaches before, some SSN, name, address, date of birth and driver’s license/ID information was compromised. On August 17 th we confirmed that T-Mobile’s systems were subject to a criminal cyberattack that compromised data of millions of our customers, former customers, and prospective customers. Now with the breach having been contained and our investigation substantially complete, I wanted to take a moment to provide an update and some perspective on where things stand, what we have been doing to take care of impacted people, and the measures we are taking to better protect consumers from future incidents like this. The last two weeks have been humbling for all of us at T-Mobile as we have worked tirelessly to navigate a malicious cyberattack on our systems.
0 Comments
Leave a Reply. |