T-Mobile CEO 'sorry' for data breach that affected 54 million users

article thumbnail

CEO Mike Sievert has issued a public apology for T-Mobile's failure to prevent the cyberattack that saw personal details of more than 50 million people stolen.

As the hacker who claims responsibility for the attack calls T-Mobile's security "awful," the company has detailed the steps it is taking to improve. In an open letter on its website, the company also apologizes for the attack, and called it "humbling."

"Knowing that we failed to prevent this exposure is one of the hardest parts of this event," wrote CEO Mike Sievert. "On behalf of everyone at [T-Mobile], I want to say we are truly sorry."

To say we are disappointed and frustrated that this happened is an understatement," he continued. "Keeping our customers' data safe is a responsibility we take incredibly seriously and preventing this type of event from happening has always been a top priority of ours. Unfortunately, this time we were not successful."

Sievert, who took over as T-Mobile CEO in May 2020, also said that the company's investigation was winding down. And that consequently he wanted to "share an update on our work and, importantly, what's next."

"We're fully committed to take our security efforts to the next level as we work to rebuild trust and I want to tell you more about what we have in progress," he wrote. "We recognize that many are asking exactly what happened. While we are actively coordinating with law enforcement on a criminal investigation, we are unable to disclose too many details."

Sievert outlines certain specific issues for users, such how the company is now offering free identity protection services. Those remain as previously detailed, but the CEO has now revealed longer-term and broader changes regarding the company's security.

"Today I'm announcing that we have entered into long-term partnerships with the industry-leading cybersecurity experts at Mandiant," continued Sievertand. "And with consulting firm KPMG LLG."

"We know we need additional expertise to take our cybersecurity efforts to the next level— and we've brought in the help," he said. "These arrangements are part of a substantial multi-year investment to adopt best-in-class practices and transform our approach."