By: Editorial Staff, Date: October 13th, 2021
In early August 2021, T-Mobile experienced a hack that exposed the sensitive information of over 50 million of the company’s current, former, and prospective customers. Information such as names, birthdates, social security numbers, driver’s license numbers, and beyond was compromised, leaving the company reeling for answers.
Those answers came when a 21-year-old US citizen named John Binns admitted to the Wall Street Journal that he was the one behind the attack. According to Binns, he was able to gain access to a T-Mobile data center located near East Wenatchee, Washington via an unprotected router, enabling him to explore over 100 of the company’s private servers. Within a matter of weeks, he was able to steal millions of sensitive files. Binns, however, claims that there was no financial motive behind the hack. Rather, he says that the purpose of the hack was to harm US infrastructure in retaliation against the government.
In response to the hack, T-Mobile first notified all current and former customers that their data might have been exposed in addition to offering them two years of free identity protection services via McAfee’s ID Theft Protection Service. The company also immediately began beefing up its cybersecurity countermeasures by signing “long-term partnerships” with Mandiant and KPMG LLG.
The fact that a single actor was able to deal such a heavy blow to a company that constitutes a major component of US telecommunications infrastructure is cause for serious concern for more than just the T-Mobile customers affected by the hack. Equally concerning is the fact that T-Mobile is far from the only major US company with serious chinks in its cybersecurity armor. Until efforts are made across the board to ramp up the security of critical infrastructure and companies, breaches such as the T-Mobile hack will almost certainly continue to occur.