T-Mobile data breach leaves millions with compromised personal information

T-Mobile recently announced that it had been the victim of a massive data breach, impacting more than 47 million customers, former customers and even prospective customers, just under half of the telecommunication giant's 104 million customers, according to The Verge.

A breach of massive proportions

While T-Mobile has revealed how the breach occurred to the public, the hacker is believed to be John Binns, an American living in Turkey. On August 27, Binns gave an interview with The Wall Street Journal in which he claimed responsibility for the attack and called T-Mobile's cybersecurity "awful." Binns also said that he was able to gain access to the company's files through an unprotected router.

There's some dispute about the exact number of victims of the breach, with T-Mobile putting the total at 47 million after an internal investigation and a Twitter account purportedly attached to Binns claiming more the 100 million users were impacted. T-Mobile also originally released an estimate of 40 million victims before updating that number with an additional 7.8 million impacted postpaid customers.

Among the data that was stolen was a variety of sensitive personal information — including Social Security numbers, driver's license numbers and additional ID details. Prepaid customers, or those on an existing plan, also had their phone numbers and account PIN numbers stolen. T-Mobile performed a PIN reset for everyone impacted in this manner. Other less sensitive customer information that was compromised included first and last names and dates of birth. Combined, all of this information could be used to create new accounts in victims' names.

Keeping your customer's data secure is essential for your business.
Keeping your customer's data secure is essential for your business.

As a result of the breach, the Federal Communications Commission has already announced that it will be investigating the matter. In addition, The Verge reported that at least one class-action lawsuit against T-Mobile has already been filed — as is frequently the case when large amounts of personal data have been compromised.

Not a new problem

While the newest T-Mobile data breach looks to have an extremely wide scope, it is far from the first time the company has had trouble keeping its customer data safe. In fact, the company dealt with five known breaches in the last four years (including this one), according to The Verge — with two others occurring in 2020, one in 2019 and another in 2018.

In a statement to T-Mobile customers, company CEO Mike Sievert called the most recent attack "humbling for all of us at T-Mobile." Sievert also laid out what protections will be available to impacted individuals, including two years of free McAfee ID Theft Protection Service and Account Takeover Protection for postpaid customers.

While the spate of recent cyberattacks is concerning for T-Mobile, the company did earn some compliments from experts for the way it has navigated the issue. According to crisis management and communication expert Edward Segal, writing in Forbes, the company followed several key best practices, including disclosing the issue early, giving regular updates and informing consumers what actions were being taken to help victims and mitigate the chance of a future breach.

"An important crisis management best practice is to immediately disclose information about a crisis, and not leave it to others to discover it themselves," Segal stated. "If others — such as news organizations— find and report details of the crisis before you do, it can raise questions about your failure to announce the crisis."

Shoring up your cybersecurity

Even if you're not a multinational corporation that works with a large amount of personal data like T-Mobile, protecting your information from data breaches is still essential. The long-term savings of avoiding a breach could be enormous, especially if you stand to face litigation for mishandling consumer data should a breach occur. One of the easiest and most important ways to shore up your network is by ensuring all of your applications are protected by modern, secure identity frameworks. This can include multi-factor authentication and even biometric recognition technologies such as fingerprint readers.

Here at the Inventu Corporation, we equip organizations of all sizes with a revolutionary terminal emulation tool called Inventu Viewer+, a high performance emulation solution that is built with C at its core. Inventu Viewer+ supports SAML 2.0 and other identity technologies to enable securing your critical mainframe applications. This allows developers to craft reliable and safe software using clean HTML and JavaScript hosted on secure Windows servers.  All in all, Inventu Viewer+ supports streamlined IT modernization and meets employer and staff expectations in a way that feels both familiar and simple. Contact us today or review our extensive product catalog to see how Inventu can help you integrate your active terminal emulation with the best web identity frameworks available.