Although it may not have been a very sophisticated breach of customer data, the T-Mobile data breach could have been trivial. John Binns, the hacker who claimed to have been responsible for the attack, said that T-Mobile's security was "awful" during a conversation with The Wall Street Journal. Binns used a readily accessible tool to locate an exposed router and spent a week looking through customer data in a data center located near East Wenatchee.
Binns provided evidence to support his claims. He claimed that he had breached T-Mobile's security and stolen data in order to make "noise," which attracted attention to him. Binns came forward to claim he was kidnapped and taken to a German mental hospital. This allegation was not supported by any evidence.
T-Mobile did not respond to the Journal's claims by Binns and declined to comment. T-Mobile previously stated it was confident it had closed all security gaps that were used in the breach which exposed sensitive information for more than 54,000,000 customers.
This is the third security breach in as many years. It suggests that T-Mobile continues to struggle to provide security that meets its rapidly expanding customer base. For example, it hired a new security chief in 2021. Binns' claims about the attack are true, but it is still frightening that a simple hack could have put millions at risk of data theft and fraud. If the company wants to assure customers that breaches are unlikely, it may have to act quickly.