This week’s news of yet another data breach at T-Mobile is a reminder of what a nightmare a data intrusion is. It’s also a nightmare to communicate such an event, and the phone carrier hasn’t done all that good a job of it.

The first problem was how the company found out about the cyber break-in: An underground forum had posted swindled data for sale. Motherboard, Vice’s tech site, reported on Sunday that the goods were from T-Mobile, which said it was investigating. That’s not the greatest way for a company to learn of a data breach, especially when it was hardly the company’s first such incident. At this point, customers have to be asking, “Why does this keep happening?”

On Monday, T-Mobile issued a press release in which it said it had sussed out that a breach had indeed occurred, but it still wasn’t sure what customer info was involved. It was sure it had dammed up the hole the hackers got through. “This investigation will take some time but we are working with the highest degree of urgency,” it said.

Dizzying Detail

Yesterday, T-Mobile issued a second statement. This one was chock-full of dizzying detail. In fact, the groups of people affected are so varied the company really should explain how this is possible. The headline number is that the data of nearly 48 million former, current and prospective customers had been accessed.

“Our preliminary analysis is that approximately 7.8 million current T-Mobile postpaid customer accounts’ information appears to be contained in the stolen files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile,” the company said. About 850,000 active T-Mobile prepaid customer names, phone numbers and account PINs were also exposed.

T-Mobile said no financial information, including credit-card information, was compromised. But for some categories, Social Security and drivers’ license data was involved. The company recommended certain customers change their PINs and is offering McAfee’s ID Theft Protection Service for free.

Frankly, the company’s communications were kind of blasé. At least yesterday it launched a web portal with information about the breach.

“Another day, another cyberattack on a major company results in the personal information of millions of people being stolen,” TechRadar quoted Ric Longenecker of cybersecurity outfit. “This has become an all too common occurrence for companies worldwide — and the fifth known data breach for T-Mobile over the past three years.”

Ouch.

Image Credit: VectorKnight/Shutterstock

Sign up for our free weekly newsletter on crisis communications. Each week we highlight a crisis story in the news or a survey or study with an eye toward the type of best practices and strategies you can put to work each day. Click here to subscribe.