Today, T-Mobile’s CEO Mike Sievert said that the hacker behind the carrier’s latest massive data breach brute forced his way through T-Mobile’s network after gaining access to testing environments.
The attacker could not exfiltrate customer financial information, credit card information, debit or other payment information during the incident.
However, T-Mobile says that he stole records belonging to 54.6 million current, former, or prospective customers, containing Social Security numbers, phone numbers, names, addresses, dates of birth, T-Mobile prepaid PINs, and driver license/ID information.
“No ongoing risk to customer data”
“While we are actively coordinating with law enforcement on a criminal investigation, we are unable to disclose too many details,” Sievert said in a statement published earlier today.
“What we can share is that, in simplest terms, the bad actor leveraged their knowledge of technical systems, along with specialized tools and capabilities, to gain access to our testing environments and then used brute force attacks and other methods to make their way into other IT servers that included customer data.”