The T-Mobile customer data breach might not have been a sophisticated data breach — in fact, it might have been relatively trivial. The hacker claiming to be responsible for the attack, John Binns, told the The Wall Street Journal in a discussion that T-Mobile's security was "awful." Binns reportedly broke through by using a readily available tool to find an exposed router, and took a week to delve through customer data stored in a data center near East Wenatchee, Washington.
Binns, who provided apparent evidence to back up his claims of involvement, said he breached T-Mobile and stole the data to create "noise" that drew attention to him. He came forward to highlight his claims he had been kidnapped in Germany and placed into a fake mental hospital. There wasn't any evidence to support that allegation.
T-Mobile declined to comment on Binns' claims in response to the Journal. It previously stated that it was "confident" it had closed the security holes used in the breach, which compromised sensitive info for more than 54 million active and former customers.
The incident is the third breach in two years, and suggests that T-Mobile is still struggling to offer security that matches its rapidly growing customer base. It only hired a new security leader earlier in 2021, for instance. If Binns' claims are accurate, though, the ease of the attack is also frightening — it only took a casual hack to put tens of millions of people at risk of fraud and other data crimes. The company may need to scramble if it's going to reassure customers that breaches will be rare going forward.