CEO Mike Sievert has issued a public apology for T-Mobile's failure to prevent the cyberattack that saw personal details of more than 50 million people stolen.
As the hacker who claims responsibility for the attack calls T-Mobile's security "awful," the company has detailed the steps it is taking to improve. In an open letter on its website, the company also apologizes for the attack, and called it "humbling."
"Knowing that we failed to prevent this exposure is one of the hardest parts of this event," wrote CEO Mike Sievert. "On behalf of everyone at [T-Mobile], I want to say we are truly sorry."
To say we are disappointed and frustrated that this happened is an understatement," he continued. "Keeping our customers' data safe is a responsibility we take incredibly seriously and preventing this type of event from happening has always been a top priority of ours. Unfortunately, this time we were not successful."
Sievert, who took over as T-Mobile CEO in May 2020, also said that the company's investigation was winding down. And that consequently he wanted to "share an update on our work and, importantly, what's next."
"We're fully committed to take our security efforts to the next level as we work to rebuild trust and I want to tell you more about what we have in progress," he wrote. "We recognize that many are asking exactly what happened. While we are actively coordinating with law enforcement on a criminal investigation, we are unable to disclose too many details."
Sievert outlines certain specific issues for users, such how the company is now offering free identity protection services. Those remain as previously detailed, but the CEO has now revealed longer-term and broader changes regarding the company's security.
"Today I'm announcing that we have entered into long-term partnerships with the industry-leading cybersecurity experts at Mandiant," continued Sievertand. "And with consulting firm KPMG LLG."
"We know we need additional expertise to take our cybersecurity efforts to the next level— and we've brought in the help," he said. "These arrangements are part of a substantial multi-year investment to adopt best-in-class practices and transform our approach."
13 Comments
Sorry? That doesn't cut it. If you're the CEO of a major company with tons of customer information, you should be drafting a letter of resignation. There's no excuse for this to have happened under your (lack of) watch. Offering free identity protection services is a joke.
News from other sources:
FireEye is one of the biggest firms in the global infosec market and is one of the US government’s go-to consultancies. This proved to be a drawback last year when Russian spies infiltrated the firm via its supplier SolarWinds, causing widespread headaches across the US public sector. (FireEye sold to McAfee's new owners for $1.2bn as Mandiant split into standalone firm again).
Did a search for KPMG LLG and it only returns other articles talking about this subject. There is a KPMG LLP so what is this company's actual name? I found a reference to KPMG LLG that pointed to a person who lists the company as KPMG LLP under Linkedin as:
Where is AI and all the other media outlets getting this information?
Sorry my A_____, now im getting lots of calls, emails and even text solicitations all of a sudden, now I know why. At least resigning is the proper way or give us credits for your crappies security.
That BIG LAUGH on his face says it all, to him this is a big joke, time for him to resign. Glad I'm with Verizon so far so good....
Security is not an end-game. It's whack-a-mole and one will always have to stay on top of it. Get sloppy and complacent then this happens.