Like the entire telecommunications industry, T-Mobile has been closely monitoring ongoing reports about a series of highly coordinated cyberattacks by bad actors known as “Salt Typhoon” that are reported to be linked to Chinese state-sponsored operations. Many reports claim these bad actors have gained access to some providers’ customer information over an extended period of time – phone calls, text messages, and other sensitive information, particularly from government officials. This is not the case at T-Mobile. To clear up some misleading media reports, here is what we’re currently seeing, much of which we believe is different from what is being seen by other providers.
Simply put, our defenses worked as designed – from our layered network design to robust monitoring and partnerships with third-party cyber security experts and a prompt response – to prevent the attackers from advancing and, importantly, stopped them from accessing sensitive customer information. Other providers may be seeing different outcomes.
We have shared what we’ve learned with industry and government leaders as we collectively work to combat these large-scale, sophisticated national threats. Last week, I had the opportunity to join a meeting at the White House with other leaders to discuss how we’re mitigating these threats. As we all have a mutual goal to protect American consumers, we felt it was important to communicate more about what we’ve seen with providers who may still be fighting these adversaries.
Prevention of Cyber Attacks
No system is immune to cybersecurity attacks. Technology companies and wireless providers like ours experience hundreds and sometimes thousands of attempted attacks of various degrees every day, so my team and I must stay vigilant. We work each day to stay ahead of what’s to come, constantly adjusting our approach as bad actors adjust theirs.
Following some incidents we experienced a few years back, we set out to undertake a cybersecurity major transformation, making a massive investment in our program and focusing on enhancing four key areas:
As we know that attackers will not stop and neither will we, so we’ve gone even further, investing in new enhancements and bolstering measures we already had in place such as:
Also, it’s important to mention that T-Mobile’s modern and advanced telecommunications infrastructure provides additional security advantages. Our wireless network built on standalone 5G technology offers advanced device authentication, enhanced encryption, and improved privacy protections. It tends to be newer and has more security capabilities versus older 4G systems. (You can check out more on the benefits of 5G standalone technology here.) Additionally, T-Mobile has minimal operations in wireline networks (e.g., cable, copper, or bulk fiber) and provides service almost exclusively within the U.S. This simplifies the management and security of our systems. Our consumer fiber offerings are also separate isolated networks from our wireless network infrastructure.
These are just a few examples of what we’re building and supporting but our work is never done. Cybersecurity is a journey not a destination.
Our Commitment
As an industry and country, we are now seeing activity from the most sophisticated cyber criminals we’ve ever faced, and as such, we can’t make any promises with absolute certainty. But I can tell you that our commitment to our customers is clear: T-Mobile will work tirelessly to keep customer information secure, safeguarding our network, responding swiftly to threats, and investing in security. We are humbled by the trust our customers place in us, and we do not take this responsibility lightly.