The T-Mobile customer data breach might not have been a sophisticated data breach in the world — in fact, it might have been relatively trivial. The hacker claiming to be responsible for the data breach attack, John Binns, told the The Wall Street Journal in a discussion that T-Mobile’s security was “awful.” Binns reportedly broke through by using a readily available tool to find an exposed router and took a week to delve through customer data stored in a data center near East Wenatchee, Washington.
Binns, provided apparent evidence to back up his claims of involvement, said he breached T-Mobile and stole the data to create “noise” that drew attention. He came forward to highlight his claims he had been kidnapped in Germany and placed into a fake mental hospital. There was not any evidence to support that allegation.
T-Mobile declined to comment on Binns’ finding in response to the Journal. It previously stated that it was “confident” it had closed the security holes used in the breach, which compromised sensitive info for more than 54 million active and former customers.
The incident is the third breach in the last two years and suggests that T-Mobile is still struggling to offer security that matches its rapidly growing customer base. It only hired a new security leader earlier in this year, for instance. If Binns’ claims are accurate, though, the ease of the attack is also frightening — it only took a casual hack to put tens of millions of people at risk of fraud and other data crimes. The company may need to rework if it’s going to reassure customers that breaches will be rare going forward.