
T-Mobile offers details of data breach that affected 40M

According to T-Mobile, the hackers who stole its customer database had knowledge of the company's network and testing setup. The hack was a carefully planned network breach.

T-Mobile says the hackers who took the account details of more than 40 million customers this month planned their attack well in advance.

The telecoms giant posted an update Friday, with details on the data breach that resulted in the loss of databases containing personal details on tens of millions of T-Mobile customers.

According to T-Mobile's preliminary report, an attacker was able to gain access to its testing networks and obtain high-level passwords. From there, the credentials were used to move laterally across the network and eventually land on a database that contained the most sensitive details of T-Mobile customers.


"While we are actively coordinating with law enforcement on a criminal investigation, we are unable to disclose too many details," T-Mobile CEO Mike Sievert said. "What we can share is that, in simplest terms, the bad actor leveraged their knowledge of technical systems, along with specialized tools and capabilities, to gain access to our testing environments and then used brute force attacks and other methods to make their way into other IT servers that included customer data."

Compromised information includes customer names, addresses, Social Security numbers and government ID numbers.

"In short, this individual's intent was to break in and steal data, and they succeeded," Sievert said.

The announcement marks a worst-case scenario after the reports last week of a T-Mobile breach. The company at the time looked to mitigate the loss by playing down the amount of data stolen. At this point, however, the carrier has decided that enough sensitive information was stolen to warrant offering affected customers two years of identity theft protection.

"Attacks like this are on the rise, and bad actors work day in and day out to find new avenues to attack our systems and exploit them," Sievert said. "We spend lots of time and effort to try to stay a step ahead of them, but we didn't live up to the expectations we have for ourselves to protect our customers."

In his statement, he also announced that the company has entered into long-term partnerships with Mandiant and KPMG to investigate the breach and rework its security program.

"I am confident in these partnerships, and optimistic about the opportunity they present to help us come out of this terrible event in a much stronger place with improved security measures," Sievert said.
