By: Editorial Staff, Date: October 13th, 2021

In early August 2021, T-Mobile experienced a hack that exposed the sensitive information of over 50 million of the company’s current, former, and prospective customers. Information such as names, birthdates, social security numbers, driver’s license numbers, and beyond was compromised, leaving the company reeling for answers.
Those answers came when a 21-year-old US citizen named John Binns admitted to the Wall Street Journal that he was the one behind the attack. According to Binns, he was able to gain access to a T-Mobile data center located near East Wenatchee, Washington via an unprotected router, enabling him to explore over 100 of the company’s private servers. Within a matter of weeks, he was able to steal millions of sensitive files. Binns, however, claims that there was no financial motive behind the hack. Rather, he says that the purpose of the hack was to harm US infrastructure in retaliation against the government.

In response to the hack, T-Mobile first notified all current and former customers that their data might have been exposed in addition to offering them two years of free identity protection services via McAfee’s ID Theft Protection Service. The company also immediately began beefing up its cybersecurity countermeasures by signing “long-term partnerships” with Mandiant and KPMG LLG.
The fact that a single actor was able to deal such a heavy blow to a company that constitutes a major component of US telecommunications infrastructure is cause for serious concern for more than just the T-Mobile customers affected by the hack. Equally concerning is the fact that T-Mobile is far from the only major US company with serious chinks in its cybersecurity armor. Until efforts are made across the board to ramp up the security of critical infrastructure and companies, breaches such as the T-Mobile hack will almost certainly continue to occur.

Upcoming Webcasts


SOC and SSAE 18 Reporting: Practical Tips and Strategies Explored

As of May 1, 2017, the American Institute of Certified Public Accountants (AICPA) implemented the Statement on Standards for Attestation Engagements (SSAE) 18. This updated standard requires companies to take full control and responsibility of their internal controls and to enhance their risk assessment procedures.