Could a security breach de-rail the magenta express train?

T-Mobile, ably led by wild-eyed CEO John Legere, has been causing chaos throughout the US wireless market, but a data-breach could impact the brands credibility in the eyes of customers.

Customer opinion is a fickle thing. It can sometimes only take a minor incident and all of a sudden the brand is as attractive as a turd in a washing machine. T-Mobile has been generating some serious momentum over the last few years, readily stealing subscribers from the likes of AT&T and Verizon by undercutting tariffs, though how much of an impact with a data-breach have on brand perception?

“Out of an abundance of caution, we wanted to let you know about an incident that we recently handled that may have impacted some of your personal information,” T-Mobile wrote in a statement to customers.

“On August 20, our cyber-security team discovered and shut down an unauthorized access to certain information, including yours, and we promptly reported it to authorities. None of your financial data (including credit card information) or social security numbers were involved, and no passwords were compromised. However, you should know that some of your personal information may have been exposed, which may have included one or more of the following: name, billing zip code, phone number, email address, account number and account type (prepaid or postpaid).”

According to reports and rumours across the industry, the breach could have left as many as 2.5 million subscribers exposed to the attack. According a T-Mobile spokesperson talking to Motherboard, the incident occurred after hackers compromised company servers through an API, although no further technical details have been disclosed. The attackers are believed to be international.

This is not the first time T-Mobile US has been exposed for security flaws. In May, researcher Ryan Stephenson found a bug which allowed external parties to access customer information just using a phone number. An API used by T-Mobile staff allowed them to look up customer details simply by entering their phone number, though it was not password protected meaning anyone could take advantage of the short-cut if they found the sub-domain. The oversight unveiled a customer’s name, address, billing account number, and in some cases, information about tax identification numbers, as well as security question information.

Every company will have flaws in the system, the perimeters are simply too vast nowadays making the concept of 100% secure almost impossible. The issue here is about credibility; how much of an impact will the news have on customers perception of T-Mobile as a brand and a trusted guardian of their personal information?

As mentioned before, customers are very fickle, especially when much of the attraction to a brand is based on price. Some customers might be asking a simple question now; are a few saved dollars each month worth the risk of my personal information being exposed? T-Mobile has been excellent at hoovering up new subscribers over the last couple of years, but this has been due to highly aggressive marketing moves focused on acquisition. The retention capabilities of the brand have not genuinely been put to the test.

With data protection and privacy high on the agenda following several scandals, most notably the Facebook Cambridge Analytica saga, customers are becoming more sensitive to such incidents. Whether this is enough to de-rail the magenta steam train remains to be seen, but it does ask questions over the company’s credentials.