BELLEVUE, Wash.—The alleged hacker behind T-Mobile’s latest cyberattack has spoken out about the August hack.
The breach includes names, driver’s license numbers, Social Security numbers and device identification (IMEI and IMSI) numbers for subscribers, former customers and even prospective customers.
The wireless carrier is reportedly facing three lawsuits that stem from the breach.
John Brinns, the 21-year-old who claims responsibility for the hack, in an interview with the Wall Street Journal detailed the breach that affected over 54 million people.
Brinns shared that T-Mobile had unprotected routers and weak spots in the company’s internet addresses that gave him access to over 100 servers.
He was able to access the data on August 4th; T-Mobile reported the attack on August 16.
How Company Responded
Since the attack, the mobile operator has now been offering free identity theft protection, advanced spam blockers and access to its account takeover protection service to protect postpaid customers from theft of their phone numbers. The company has also reset the PINs for all prepaid customers after disclosing 850,000 accounts, according to Mike Sievert, CEO of T-Mobile.
In a blog post Sievert wrote that there is “no evidence” that financial data such as credit card or other payment information has been compromised, saying that “this security breach does not pose an ongoing risk to customer data.”
Brinns, however, declined to tell the Journal whether he sold the data or whether he was paid to carry out the breach, which could be a bigger problem for those affected, noted analysts.