T-Mobile CEO Apologizes for Data Breach, Shares Info on Future Security Plans

[bushman4]

T Mobile always calls us valued customers . Do they know what a valued customer is ??????

 

[trevorplease]

I asked in the last thread and noone answered

Is anyone signing up with McAfee? Are they reliable or will they just lose my data again

 

[SFjohn]

T-Mobile claims they will send me an email about these protection services “in the next few days”, nothing yet. At first I thought 2 years of service would be OK. Now that I’m considering the ramifications of having my DL, SS#, and all the rest stolen & sold, this is going to remain a problem for the rest of my life. 2 years doesn’t cover it. I think T-mobile needs to really cover for cost for the lifelong damage they have done.

 

[kanki1985]

why the hell would t-mobile want to store drivers license number, SSN and birth dates in their databases? are these not required only for addition as a customer and then this data can be purged as it is no longer needed by them?

 

[PedanticDan]

“T-Mobile has now notified every current T-Mobile customer about the data breach”

I’m a current T-Mobile customer … they didn’t notify me!

 

[ian87w]

So, just more empty words and promises? No further details needed? How convenient.

 

[handle manifest]

“T-Mobile has now notified every current T-Mobile customer about the data breach”

I’m a current T-Mobile customer … they didn’t notify me!

Same here, sort of. I have one postpaid line with Sprint and two Pay as You Go – Legacy lines with T-Mobile. None of my phones have received a text message about the breach. (One of my PAYG phones got a message about the account portal website being revamped. I haven't checked it out yet.) EDIT: I received an email regarding the breech for my other PAYG account (not the one that got the text message about the My T-Mobile website) on August 31 at 3:40 PM PDT.

 

[Rafagon]

I wonder if T-Mobile CEO Mike Siever is a T-Mobile customer.

And if he is, I wonder if his personal data was compromised as well.

 

[BornAgainMac]

It is regrettable and it is easy to blame management on this but it starts with the people managing the technology. I am sure management or even external auditors don't know about these problems. Management will take the blame and I am sure they will bring in people that know what they are doing.

 

[Biro]

You should assume all your information leaked and make moves to protect yourself. You can start by freezing your credit file with the major credit reporting agencies: https://krebsonsecurity.com/2018/09/credit-freezes-are-free-let-the-ice-age-begin/

I did this after the big Equifax breach a few years ago. It is probably the single most important thing you can do to protect yourself. It takes a lot for me to temporarily lift the freeze for even 24 hours. I mean a lot. I would have to buy a house or car. I can't tell you how many purchases I've nixed because a company decided it needed a credit check that I knew was not necessary.

 

[Biro]

T-Mobile claims they will send me an email about these protection services “in the next few days”, nothing yet. At first I thought 2 years of service would be OK. Now that I’m considering the ramifications of having my DL, SS#, and all the rest stolen & sold, this is going to remain a problem for the rest of my life. 2 years doesn’t cover it. I think T-mobile needs to really cover for cost for the lifelong damage they have done.

It's likely all of this information has been stolen already. Remember the Equifax breach of 2017? But I understand your point. I think five or 10 years of protection is more appropriate. But good luck with that. Put a security freeze on your credit information with Equifax, Experian, TransUnion and even Innovis. And only lift it for 24 hours at a time for really important major purchases.

 

[Krizoitz]

It is regrettable and it is easy to blame management on this but it starts with the people managing the technology. I am sure management or even external auditors don't know about these problems. Management will take the blame and I am sure they will bring in people that know what they are doing.

Actually it’s often management who overrule the people in charge of the technology who tell them they need to do something more/different (read:more expensive) to provide better protection.

 

[JosephAW]

Tired of companies using the words we have to never let this happen “again”, instead of hearing the words we have stopped this “before” it happened.

 

[UltimoInfierno]

It is regrettable and it is easy to blame management on this but it starts with the people managing the technology. I am sure management or even external auditors don't know about these problems. Management will take the blame and I am sure they will bring in people that know what they are doing.

Management hire the ”underlings” that hire the “salaried slaves”. It is managements sole responsibility to hire the best qualified people for any job available. But, of course, bottom line trumps any qualities, it seems. As demonstrated here, where they didn’t even discover, that the horses had bolted, before they were told (by the “horse thieve” ;-) How irresponsible is that for management?

 

[gsurf123]

These sophisticated tools he mentioned are readily available to anyone who wants them and is willing to look for them. In the cyberattack community they are just like a hammer or screwdriver that everyone has in their home.

These cyberattacks capitalizing on weak security protocols are the norm. Companies are not willing to pay the companies who have the experts necessary to lock down their systems what they want in terms of fees and ongoing support. There are three scenarios that this happens:

• Competent IT personnel who know the weaknesses and have begged for outside help or strategic hire funding.
• Incompetent IT personnel who think they know what they are doing.
• Incompetent IT personnel who know enough to be dangerous and lazy.

Where are the class action lawyers on this. They need to redirect to issues affecting large swaths of the population over legitimate issues that can adversely effect innocent customers who just want to be able have mobile service to carry on with their lives. Companies need very little of the information they collect about us and we all know once they have it they will never give it up and may profit by sharing it.

 

[Infinitewisdom]

I mean, I could switch but, these days, whoever I switched to could have the same thing happen during the first week. This stinks and is unacceptable but I can’t say it’s an obvious decision to ditch them.

I reached the same conclusion. T-Mobile is at least on high alert now. If I switch, then I’m exposing my information in yet another place with no guarantee that it won’t happen there.

 

[seinman]

I read there have been five hacks in three years. As much as I like the 55+ plan that costs me $70/month for two lines (and free MLBtv) I am having a hard time sticking with T-Mobile. I’m considering going back to Verizon after the new iphones come out next month. Maybe they’ll have some deal on the 12 or 13 for new subscribers.

I'm on the original 55+ plan: $60/month for two lines, with the option to add a third for $90 total. Currently utilizing all three lines, and two data-only lines (a car tracker and 2GB/month on an iPad). Five lines of service on various devices for just $110 total. They will have to pry that plan from my cold, dead hands.

 

[SenorWhyMe]

this sums it up

 

[simonulacrum]

Whatever dude. After this breach now I get like 20 spam texts per day—how about comping us a nomorobo subscription?

 

[ian87w]

It is regrettable and it is easy to blame management on this but it starts with the people managing the technology. I am sure management or even external auditors don't know about these problems. Management will take the blame and I am sure they will bring in people that know what they are doing.

Management should take the blame as it's likely it was their decisions (outsourcing, budget cutting, etc) that has spiralled down into this mess.
And no, why should they bring in people that know what they are doing? Are there any punishment for T-Mobile? The CEO just said sorry and made empty vague promises, and that's it.

 

[hot-gril]

Too late. As much as I usually rag on T-Mo, I doubt any other telco has good security either.

 

[hot-gril]

T-Mobile does have terrible security, even from a consumer’s perspective. They support TOTP tokens for two-factor authentication, but even if one enables it you can still use SMS as a fallback. This defeats the whole point as SMS has known vulnerabilities and is deprecated as a 2FA measure by NIST. Oh and by the way, your Apple ID has this vulnerability too. Hope your phone number is secure.

Funny to use SMS for 2FA for the very account that provides you with SMS service.

 

[hot-gril]

T-mobile's customer support technology in general is total garbage. And this breach once again proves it.

And somebody's lying, the hacker or the CEO, and I'm betting the CEO. This story reports that the hacker "was able to get in using stored credentials" but the CEO says "the bad actor leveraged their knowledge of technical systems, along with specialized tools and capabilities, to gain access to our testing environments and then used brute force attacks and other methods". Is it "stored credentials" or "brute force attacks" ? The CEO is full of crap.

I WAS a T-mobile customer for almost 8 years. Ironically 5 weeks ago I finally got around to dumping them, and chose Mint Mobile. Comparing T-mobile tech to Mint's is night and day. T-mobile's customer portal via web and app is embarrassing. Mint's app is stellar - it's how it should be done. With Mint you can sign up, get a free trial, activate your iPhone with an eSIM, activate a paid plan, switch plans and everything else, right within the Mint iOS app. And their web UI is a modern 2020s design.

I worked with a guy at Apple who just joined T-mo 5 months ago as their Chief Digital Officer, named Marcus East. Marcus must be kickin' himself for making the move.... or politicking his way into the CEO chair. 👿 😉

Worth noting that Mint runs on T-Mo's network. That's nice that they have great customer support, but I wonder whether you were affected by the breach equally. There's no technical reason T-Mo needs to know about Mint's customers, but they might anyway.

 

[ian87w]

Too late. As much as I usually rag on T-Mo, I doubt any other telco has good security either.

Thus probably it's better to get the notion of buying your own phone separately and use pay-as-you go or prepaid plans instead that won't require too many personal data.

 

[hot-gril]

Thus probably it's better to get the notion of buying your own phone separately and use pay-as-you go or prepaid plans instead that won't require too many personal data.

If you care a lot about your privacy, yes, you can do prepaid without them knowing anything about you. I don't care enough, though.