Massachusetts attorney general announces investigation into T-Mobile data breach

Massachusetts Attorney General Maura Healey (D) on Tuesday announced that her office is undertaking an investigation into the recent data breach of T-Mobile that impacted more than 50 million individuals.

The investigation is aimed at understanding if T-Mobile took the proper steps to secure customer data and whether the company has done enough following the breach to respond and notify customers. 

“My office is extremely concerned about how this data breach may have put the personal information of Massachusetts consumers at risk,” Healey said in a statement Tuesday. “As we investigate to understand the full extent of what’s happened, we urge impacted consumers to take the necessary precautions to ensure their information is safe, and to prevent identity theft and fraud.”

The investigation comes a month after T-Mobile disclosed that the records of at least 40 million prospective and former customers and the data of more than 13 million current customers had been compromised through the use of “brute force” by an unknown malicious actor in July. 

Data stolen included customer names, dates of birth, Social Security numbers and driver’s license information for current customers, and T-Mobile said as part of its disclosure that it was working with both law enforcement and cybersecurity group FireEye’s Mandiant to investigate the breach.

T-Mobile did not immediately respond to The Hill’s request for comment on the new investigation by Healey into the incident. 

Healey’s office recommended that individuals who were customers of T-Mobile at any point, or who had applied to be customers, freeze their credit reports, which makes it more difficult for an account to be opened fraudulently under their names. Consumers were also warned to be wary of phishing emails or text messages asking for sensitive data.

T-Mobile CEO Mike Sievert put out a statement last month apologizing for the attack and detailing steps the company was taking to notify individuals whose data had been compromised. T-Mobile set up a website in conjunction with the breach and offered two years of free identity theft protection to victims, along with taking other steps to enhance security.

“Knowing that we failed to prevent this exposure is one of the hardest parts of this event,” Sievert wrote in August. “On behalf of everyone at Team Magenta, I want to say we are truly sorry.”