Massachusetts AG Maura Healey Launches Investigation – NBC Boston
Massachusetts Attorney General Maura Healey announced Tuesday that her office has launched an investigation into the T-Mobile data breach to determine whether the company has put in place appropriate safeguards to protect consumer information and mobile devices.
T-Mobile revealed last month that the names, social security numbers, and driver’s license information or other identifying details of just over 40 million people who have applied for T-Mobile credit were exposed during a recent data breach. The same data for around 13 million current T-Mobile customers who pay monthly for phone service also appeared to be in jeopardy.
“My office is extremely concerned about how this data breach may have endangered the personal information of Massachusetts consumers,” Healey said in a statement. “As we investigate to understand the full extent of what happened, we urge affected consumers to take the necessary precautions to ensure the security of their information and to prevent identity theft and fraud.”
She said her office has opened an investigation into the circumstances of the breach and the steps the company has taken to address it and notify customers.
Over 150 million people had their personal information exposed last year. Consumer Reports shares what you can do to protect your data from the next breach.
John Binns, a 21-year-old American hacker living in Turkey, told the Wall Street Journal he was responsible for the hack and blamed lax security at T-Mobile for making it possible.
Binns told the Journal he discovered an unprotected router exposed to the internet in July and used that entry point to access servers at a T-Mobile data center near East Wenatchee, Wash., Hours away. east of the company’s headquarters in Seattle. suburb of Bellevue.
T-Mobile CEO Mike Sievert apologized to customers in a written statement last month, saying he was “very sorry” for the breach and that all of the millions of customers whose personal details had been thefts had been informed.
Sievert said the company is putting a lot of effort into trying to stay ahead of hackers, “but we haven’t lived up to the expectations we have for ourselves to protect our customers. Knowing that we failed to prevent this exposure is one of the most difficult parts of this event. “
He said the breach had been contained, the investigation was “essentially complete” and clients’ financial information had not been exposed. He said T-Mobile has hired cybersecurity experts from Mandiant to help with the investigation and is coordinating with law enforcement.
“What we can share is that, in simpler terms, the bad actor took advantage of their knowledge of technical systems, as well as specialized tools and capabilities, to access our test environments, and then used brute force attacks and other methods of sneaking their way into other computer servers that included client data, ”Sievert wrote.
In response to the breach, T-Mobile is offering consumers various free theft protection services, including scam protection and account takeover for their cell phones. These services are accessible through T-Mobile’s website. T-Mobile also recommends that customers reset account PINs and passwords as an added precaution. The company has set up a consumer assistance hotline which can be reached by dialing 611 from a T-Mobile phone or by calling 1-800-937-8997.
T-Mobile has grown into one of the country’s largest mobile operators, along with AT&T and Verizon, after buying rival Sprint last year. It said it has a total of 102.1 million U.S. customers after the merger.
T-Mobile has already disclosed a number of data breaches over the years, although the most recent is the most significant. Sievert said the company was taking steps to improve its security.
The Federal Communications Commission, which regulates mobile carriers, said it is also investigating the violation.