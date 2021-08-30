EAST WENATCHEE — An unprotected router in T-Mobile’s data center near Pangborn Memorial Airport was the entry point for a July hack that compromised data of about 54 million users, including company customers, former customers and prospective customers.
T-Mobile confirmed the breach Aug. 17 and worked with security experts to close the access points.
“We are confident that there is no ongoing risk to customer data from this breach,” T-Mobile CEO Mike Sievert said Friday in a post on the Bellevue-based company’s website.
A story published in The Wall Street Journal on Thursday said the hacker claiming responsibility for the attack is John Binns, a 21-year-old Virginia man living in Turkey. In an interview with the WSJ, Binns said he had searched for weaknesses in T-Mobile’s network and eventually found it in East Wenatchee. Once he gained access, he was able to search more than 100 servers and downloaded personal data of millions of people, according to the Wall Street Journal story.
"I was panicking because I had access to something big. Their security is awful," Binns is quoted in the Wall Street Journal. "Generating noise was one goal."
He said he acquired login credentials for databases inside T-Mobile systems. The company previously reported hacks in January this year, March 2020 and in 2018.
T-Mobile opened its Polaris Data Center in April 2009. It’s one of the tenants in Sabey’s Intergate.Columbia data center complex at 4405 Grant Road.
Binns has not been charged. The FBI’s Seattle office is investigating the incident.
In the interview, Binns said the attack was in retaliation for his treatment by U.S. law enforcement agencies. He had filed a lawsuit in November against the FBI, CIA and Justice Department claiming he was being investigated for cybercrimes and accused of being part of an Islamic State militant group. He claimed he had been abducted and tortured by U.S. law enforcement agencies and placed in a fake mental institution.
T-Mobile said the breach did not expose customer financial information, credit card information, debit or other payment information but did compromise the Social Security numbers, names, addresses, dates of birth and driver’s license/ID information of former or prospective customers. Other information accessed included phone-linked data.
“We recognize that many are asking exactly what happened,” Sievert said in his statement. “While we are actively coordinating with law enforcement on a criminal investigation, we are unable to disclose too many details. What we can share is that, in simplest terms, the bad actor leveraged their knowledge of technical systems, along with specialized tools and capabilities, to gain access to our testing environments and then used brute force attacks and other methods to make their way into other IT servers that included customer data. In short, this individual’s intent was to break in and steal data, and they succeeded.”
Sievert said T-Mobile has contacted its customers and is working on notifying former and prospective customers. The company is offering information to those who have been affected about how to protect themselves including two years of free identity protection services with McAfee’s ID Theft Protection Service and T-Mobile’s free scam-blocking protection. A website has been set up to provide more information at wwrld.us/TMobilebreach.