T-Mobile CEO 'sorry' for data breach that affected 54 million users

Posted:
in iPhone
CEO Mike Sievert has issued a public apology for T-Mobile's failure to prevent the cyberattack that saw personal details of more than 50 million people stolen.

Mike Sievert, T-Mobile CEO
Mike Sievert, T-Mobile CEO


As the hacker who claims responsibility for the attack calls T-Mobile's security "awful," the company has detailed the steps it is taking to improve. In an open letter on its website, the company also apologizes for the attack, and called it "humbling."

"Knowing that we failed to prevent this exposure is one of the hardest parts of this event," wrote CEO Mike Sievert. "On behalf of everyone at [T-Mobile], I want to say we are truly sorry."

To say we are disappointed and frustrated that this happened is an understatement," he continued. "Keeping our customers' data safe is a responsibility we take incredibly seriously and preventing this type of event from happening has always been a top priority of ours. Unfortunately, this time we were not successful."

Sievert, who took over as T-Mobile CEO in May 2020, also said that the company's investigation was winding down. And that consequently he wanted to "share an update on our work and, importantly, what's next."

"We're fully committed to take our security efforts to the next level as we work to rebuild trust and I want to tell you more about what we have in progress," he wrote. "We recognize that many are asking exactly what happened. While we are actively coordinating with law enforcement on a criminal investigation, we are unable to disclose too many details."

Sievert outlines certain specific issues for users, such how the company is now offering free identity protection services. Those remain as previously detailed, but the CEO has now revealed longer-term and broader changes regarding the company's security.

"Today I'm announcing that we have entered into long-term partnerships with the industry-leading cybersecurity experts at Mandiant," continued Sievertand. "And with consulting firm KPMG LLG."

"We know we need additional expertise to take our cybersecurity efforts to the next level-- and we've brought in the help," he said. "These arrangements are part of a substantial multi-year investment to adopt best-in-class practices and transform our approach."

Read on AppleInsider

Comments

  • Reply 1 of 13
    GeorgeBMacGeorgeBMac Posts: 10,690member
    "Thoughts & Prayers" have become a common response  to man-made disasters these days.

    T-Mobile could be fined by the government -- but we saw how that works in the banking industry:  The fines became just a cost of doing business.

    The Enron approach seemed to work better -- but we put the kabash on that approach.

    darkvader
  • Reply 2 of 13
    rob53rob53 Posts: 2,718member
    Sorry? That doesn't cut it. If you're the CEO of a major company with tons of customer information, you should be drafting a letter of resignation. There's no excuse for this to have happened under your (lack of) watch. Offering free identity protection services is a joke. 

    News from other sources:

    FireEye is one of the biggest firms in the global infosec market and is one of the US government’s go-to consultancies. This proved to be a drawback last year when Russian spies infiltrated the firm via its supplier SolarWinds, causing widespread headaches across the US public sector. (FireEye sold to McAfee's new owners for $1.2bn as Mandiant split into standalone firm again). 

    Did a search for KPMG LLG and it only returns other articles talking about this subject. There is a KPMG LLP so what is this company's actual name? I found a reference to KPMG LLG that pointed to a person who lists the company as KPMG LLP under Linkedin as:

    Charles Riepenhoff, Jr.
    Managing Director at KPMG LLP

    Where is AI and all the other media outlets getting this information?

    cornchip
  • Reply 3 of 13
    Sorry my A_____, now im getting lots of calls, emails and even text solicitations all of a sudden, now I know why. At least resigning is the proper way or give us credits for your crappies security.
    rob53darkvader
  • Reply 4 of 13
    mwhitemwhite Posts: 275member
    That BIG LAUGH on his face says it all, to him this is a big joke, time for him to resign. Glad I'm with Verizon so far so good....
    edited August 27
  • Reply 5 of 13
    sflocalsflocal Posts: 5,816member
    Security is not an end-game.  It's whack-a-mole and one will always have to stay on top of it.  Get sloppy and complacent then this happens.

    What's insulting is that this is not the first time for T-Mobile.  It's obvious the CEO is not taking this seriously and should be FIRED, not "resign".

    The CEO's arrogance is astounding.  When things are good, it's because of the CEO.  When things are bad, it's someone else's problem.  Screw him.  Fire him.
    mwhitecornchipdarkvader
  • Reply 6 of 13
    GeorgeBMacGeorgeBMac Posts: 10,690member
    sflocal said:
    Security is not an end-game.  It's whack-a-mole and one will always have to stay on top of it.  Get sloppy and complacent then this happens.

    What's insulting is that this is not the first time for T-Mobile.  It's obvious the CEO is not taking this seriously and should be FIRED, not "resign".

    The CEO's arrogance is astounding.  When things are good, it's because of the CEO.  When things are bad, it's someone else's problem.  Screw him.  Fire him.

    That would be a good start.  I'm not disagreeing -- if, for no other reason than it would set an example for other CEO's.
    But, in his defense, the problem of poor security probably arose under his predecessor -- who's only goal was to complete the merger with Sprint and roll out 5G.


  • Reply 7 of 13
    eightzeroeightzero Posts: 2,648member
    Interestingly, I have not been notified by t-mobile that this happened. I guess that means they have determined that my data wasn't taken. 
  • Reply 9 of 13
    zeus423zeus423 Posts: 126member
    eightzero said:
    Interestingly, I have not been notified by t-mobile that this happened. I guess that means they have determined that my data wasn't taken. 
    I haven't been notified either. I assumed it meant they were clueless and had no idea if my data was stolen.
  • Reply 10 of 13
    rob53rob53 Posts: 2,718member
    sflocal said:
    Security is not an end-game.  It's whack-a-mole and one will always have to stay on top of it.  Get sloppy and complacent then this happens.

    What's insulting is that this is not the first time for T-Mobile.  It's obvious the CEO is not taking this seriously and should be FIRED, not "resign".

    The CEO's arrogance is astounding.  When things are good, it's because of the CEO.  When things are bad, it's someone else's problem.  Screw him.  Fire him.

    That would be a good start.  I'm not disagreeing -- if, for no other reason than it would set an example for other CEO's.
    But, in his defense, the problem of poor security probably arose under his predecessor -- who's only goal was to complete the merger with Sprint and roll out 5G.


    No excuse. First thing a new CEO is supposed to do is review everything, especially system security. Cellular performance means nothing if people's information gets stolen. Companies can handle only one or two large lawsuits before they fold. This is Sievert's fault, plain and simple. He needs to be fired and every person in the security department needs to be evaluated and either fired or retrained.
  • Reply 11 of 13
    As I see it, the bigger issue here than just another CEO's mea culpa is the extensive, frequent breaches of personal data. From retailers Target, Home Depot, and eBay to socials Facebook, LinkedIn, and Yahoo to vital corporations like Colonial Pipeline, T-Mobile, and Microsoft, these are almost numbing to the dozens occurring with little answers or impediments. That alone should worry us tremendously to the dangers such a data-dependent world, of which critical institutions like energy, health services, commerce, and communications, can come to an instant stop...and the almost guaranteed pandemonium that would ensue. 
    edited August 27
  • Reply 12 of 13
    Fool me once, shame on you, fool me 4 or 5 times… 

    Will keep happening until there is real teeth in the penalty for these breaches.  Where is the legislation, legislators?  Why are we still leaving to companies to self police, or not, as they see fit?  Meanwhile we can vote with our pocketbooks.  Don’t support these repeat offenders!
    Detnator
  • Reply 13 of 13
    GeorgeBMacGeorgeBMac Posts: 10,690member
    eightzero said:
    Interestingly, I have not been notified by t-mobile that this happened. I guess that means they have determined that my data wasn't taken. 

    Most likely -- because I have been notified that some of my info was stolen -- but not all that's being reported (like SSN).
Sign In or Register to comment.