T-Mobile hack: Here's what we know about the massive data breach

The breach compromised the personal information of more than 50 million customers. Are you one?

Bree Fowler Senior Writer
Bree Fowler writes about cybersecurity and digital privacy. Before joining CNET she reported for The Associated Press and Consumer Reports. A Michigan native, she's a long-suffering Detroit sports fan, world traveler, two star marathoner and champion baker of over-the-top birthday cakes and all-things sourdough.
Expertise Cybersecurity, Digital Privacy, IoT, Consumer Tech, Running and Fitness Tech, Smartphones, Wearables
Bree Fowler
3 min read

The information of more than 50 million T-Mobile customers was compromised in a breach. 

Getty Images

More than 54 million people are at risk of identity theft and other cybercrimes, after a massive data breach at T-Mobile exposed some of the most sensitive personal information the carrier had about its customers

The stolen data, which came from the wireless provider's databases of current, former and prospective customers, included Social Security numbers, as well as other key information cybercriminals could use to open up new credit cards, file fraudulent tax returns or apply for driver's licenses under the victims' names.  

On Friday, T-Mobile CEO Mike Sievert said the company's investigation into the breach was "substantially complete," though it continues to coordinate with law enforcement. He apologized for the hack and said the company had hired Mandiant, a cybersecurity company, and KPMG, a consultancy, to shore up its cyber defenses.

"To say we are disappointed and frustrated that this happened is an understatement," Sievert wrote in a statement, adding that keeping customer data safe is a "top priority."

Here's what we know about the giant cyberattack so far:

What happened?

T-Mobile says cybercriminals compromised its systems and stole the personal information of current, former and prospective customers. The company initially said the attack, which it confirmed on Aug. 16, affected about 40 million people, but it later raised the total to more than 54 million people.

The information stolen included consumer names, addresses, Social Security numbers and dates of birth, along with driver's licenses and other identification. In some cases, IMEIs and IMSIs, which identify devices and accounts, were taken. Some account PINS were also stolen.

T-Mobile says there's no indication any consumer financial data, such as credit card or other payment information, was compromised.

Who's to blame?

As with all cyberattacks, figuring out who did it can be tricky. The Wall Street Journal published on Aug. 26 an interview with John Binns, a 21-year-old American, who claimed responsibility for the hack. Binns, who moved to Turkey a few years ago, called T-Mobile's security "awful" and said he'd committed the hack in part to get attention. He declined to say whether he was paid to carry it out or if he'd sold any of the stolen data. 

The Journal reported that it remains unclear whether Binns was working alone or with others. It also reported that the Seattle office of the FBI is investigating. T-Mobile is headquartered in nearby Bellevue, Washington.

What's T-Mobile doing about it?

In its statement, T-Mobile said its investigation, conducted with the help of Mandiant, identified how the attacker gained entry to its servers, vulnerabilities it's since closed. As a result, the company says, it's confident the customer data isn't at risk of being stolen again by different cybercriminals.

T-Mobile said it's tasked Mandiant with developing a strategic plan to boost its overall cybersecurity operations. KPMG will review T-Mobile's security policies to identify gaps and areas that need to be improved.

What about the people affected?

T-Mobile says it's contacted nearly all the affected customers and that those it believes weren't affected will see a banner on their online account login page notifying them. It's also in the process of attempting to reach all the affected former and prospective customers.

To those affected, T-Mobile is offering free access to McAfee's ID Theft Protection Service for two years and advanced spam-blocking. It's also offering its Account Takeover Protection service to protect postpaid customers, which is designed to protect consumers from having their accounts ported out and stolen. The company has also reset PIN numbers for all prepaid customers after the exposure of 850,000 accounts.

How can I protect myself?

Once your personal information has been compromised, there's really no getting it back. The best you can do is try to keep tabs on it. Taking T-Mobile up on its offers of identity theft and account takeover protection can help with that.

Meanwhile, people who've had their Social Security number stolen should freeze their credit. That'll prevent anyone other than them from opening a new financial account or taking out a loan in their name. 

This is a good time to make sure you're using strong passwords and two-factor authentication on all of your accounts. A password manager can help you set and store those keys to your accounts, while tools such as Google 's Password Checkup, Mozilla's Firefox Monitor and the website Have I Been Pwnd? will let you know if any of your passwords have been compromised.