T-Mobile recently announced that it had been the victim of a massive data breach, impacting more than 47 million customers, former customers and even prospective customers, just under half of the telecommunication giant's 104 million customers, according to The Verge.
A breach of massive proportions
While T-Mobile has revealed to the public how the breach occurred, the hacker is believed to be John Binns, an American living in Turkey. On August 27, Binns gave an interview to The Wall Street Journal in which he claimed responsibility for the attack and called T-Mobile's cybersecurity "awful." Binns also said that he was able to gain access to the company's files through an unprotected router.
There's some dispute about the exact number of victims of the breach, with T-Mobile putting the total at 47 million after an internal investigation and a Twitter account purportedly attached to Binns claiming more than 100 million users were impacted. T-Mobile also originally released an estimate of 40 million victims before updating that number with an additional 7.8 million impacted postpaid customers.
Among the data that was stolen was a variety of sensitive personal information — including Social Security numbers, driver's license numbers and additional ID details. Prepaid customers, or those on an existing plan, also had their phone numbers and account PIN numbers stolen. T-Mobile performed a PIN reset for everyone impacted in this manner. Other less sensitive customer information that was compromised included first and last names and dates of birth. Combined, all of this information could be used to create new accounts in victims' names.
As a result of the breach, the Federal Communications Commission has already announced that it will be investigating the matter. In addition, The Verge reported that at least one class-action lawsuit against T-Mobile has already been filed — as is frequently the case when large amounts of personal data have been compromised.
Not a new problem
While the newest T-Mobile data breach looks to have an extremely wide scope, it is far from the first time the company has had trouble keeping its customer data safe. In fact, the company dealt with five known breaches in the last four years (including this one), according to The Verge — with two others occurring in 2020, one in 2019 and another in 2018.
In a statement to T-Mobile customers, company CEO Mike Sievert called the most recent attack "humbling for all of us at T-Mobile." Sievert also laid out what protections will be available to impacted individuals, including two years of free McAfee ID Theft Protection Service and Account Takeover Protection for postpaid customers.
While the spate of recent cyberattacks is concerning for T-Mobile, the company did earn some compliments from experts for the way it has navigated the issue. According to crisis management and communication expert Edward Segal, writing in Forbes, the company followed several key best practices, including disclosing the issue early, giving regular updates and informing consumers what actions were being taken to help victims and mitigate the chance of a future breach.
"An important crisis management best practice is to immediately disclose information about a crisis, and not leave it to others to discover it themselves," Segal stated. "If others — such as news organizations — find and report details of the crisis before you do, it can raise questions about your failure to announce the crisis."
Shoring up your cybersecurity
Even if you're not a multinational corporation that works with a large amount of personal data like T-Mobile, protecting your information from data breaches is still essential. The long-term savings of avoiding a breach could be enormous, especially if you stand to face litigation for mishandling consumer data should a breach occur. One of the easiest and most important ways to shore up your network is by ensuring all of your applications are protected by modern, secure identity frameworks. This can include multi-factor authentication and even biometric recognition technologies such as fingerprint readers.