Massachusetts AG Launches Probe into T-Mobile Data Breach
In August, the United States wireless carrier disclosed a data breach impacting around 54.6 million individuals. Data exposed in the security incident included names, addresses, birth dates, phone numbers, Social Security numbers, information from driver’s licenses, International Mobile Equipment Identity (IMEI) numbers, and International Mobile Subscriber Identity (IMSI) numbers belonging to T-Mobile pay monthly customers and to people who applied for T-Mobile credit.
Healey proclaimed on Tuesday that an investigation has been launched by her office to examine what safeguards T-Mobile had put in place prior to the breach to protect consumers’ data and mobile device information.
The probe will also delve into how the breach occurred, how T-Mobile handled the incident, and what actions were taken by the company to notify impacted customers and T-Mobile credit applicants.
“My office is extremely concerned about how this data breach may have put the personal information of Massachusetts consumers at risk,” Healey said in a statement.
“As we investigate to understand the full extent of what’s happened, we urge impacted consumers to take the necessary precautions to ensure their information is safe, and to prevent identity theft and fraud.”
Turkey resident John Binns claimed to the Wall Street Journal that he was responsible for the T-Mobile hack that led to the major data breach. The 21-year-old American said he used an unprotected router exposed on the internet to gain access to T-Mobile servers sited in a data center near East Wenatchee, Washington, in July.
In a written statement issued last month, T-Mobile CEO Mike Sievert told customers he was “truly sorry” for the security breach.
Sievert said that the company “didn’t live up to the expectations we have for ourselves to protect our customers” and added, “Knowing that we failed to prevent this exposure is one of the hardest parts of this event.”
In response to the breach, T-Mobile is offering consumers various free theft-protection services, including scam and account take-over protection for their cell phones.