Top brass at T-Mobile, despite a string of security incidents, insist the company’s investments in cybersecurity are paying off.
“The investments we’ve made in 2022, including in our cybersecurity capabilities, showed up in a critical way a few weeks ago,” CEO Mike Sievert said Wednesday during the company’s 2022 Q4 earnings call.
“After identifying a criminal attempt to access our data through an API, we shut it down within 24 hours. And more importantly, our systems and policies protected the most sensitive kinds of customer data from being accessed,” Sievert told analysts.
The recent breach, the second of two major attacks in the last 15 months, began on or around Nov. 25 and went undetected for almost six weeks, exposing personal data on about 37 million customers.
A massive data breach in August 2021 ultimately exposed personal data of at least 76.6 million people.
The Black Friday attack against the wireless operator exposed roughly half as many people and did not comprise more sensitive PII.
“While I’m disappointed that the criminal actor was able to obtain any customer information, we are confident that our aggressive cybersecurity plan, working with the support of some of the world’s experts, will allow us to achieve our goal of becoming second to none in this area,” Sievert said.
After the earnings call, T-Mobile declined to answer questions about its ongoing investigation and specific areas of investment in cybersecurity. The company pledged to invest $150 million in data security and cybersecurity technology in 2022 and 2023 as part of a $500 million class-action lawsuit settlement it reached last summer.
The latest incident marks T-Mobile’s eighth publicly acknowledged data breach since 2018, and damage is spreading. Google Fi, a virtual network that primarily uses T-Mobile’s infrastructure, earlier this week notified some customers their personal data was also compromised as a result of the attack.
The repeated attacks underscore unresolved challenges for T-Mobile and make it a high-profile target for threat actors, according to analysts.
“Every single communications service provider in this world is the subject of relentless cyberattacks 24 hours a day, 365 days a year,” Stéphane Téral, chief analyst at LightCounting, said via email.
The bigger the target — and T-Mobile, among the world’s 20 largest network operators by market cap, is a top target — the bigger the cyber results, he said. T-Mobile "seems more affected than its peers, but we don’t know the full story.”
The lack of visibility and controls, highlighted by the gap between the threat actor’s initial intrusion and T-Mobile’s detection, is unacceptable, Téral said. It “suggests that something is wrong internally and needs an urgent fix.”