T-Mobile slinks back to normal levels after security breach

T-Mobile
T-Mobile CFO Peter Osvaldik said they definitely saw some customer cautiousness following news of the data breach.

Last month’s data breach is still very much on the minds of T-Mobile and its investors, but the operator is starting to see things get back to normal, according to EVP and CFO Peter Osvaldik.

T-Mobile revealed in mid-August that more than 50 million people – including current, former, and prospective customers – had some of their personal data stolen. Customers’ first and last names, date of birth, Social Security numbers and driver’s license/ID information were among the items that were stolen.

Once the breach came to light, T-Mobile reacted quickly to shut down the attack and launch a full-scale investigation, coordinating with law enforcement, Osvaldik said during a BoA Securities investment conference Tuesday.

“Right now, we’re working to diligently” and rapidly to get in touch with all of the consumers who were  impacted so that they’re informed of what happened and do what they need to protect themselves, he said. “We believe at this point that we’ve notified every current customer and account that was impacted.”

As it relates to the quarter and the financials, “we definitely saw some temporary customer cautiousness as you would expect, both in terms of gross adds as well as churn immediately following that breach,” he said. “Now that we’re a couple weeks past it, we’ve seen consumers have moved past it and our flows are beginning to normalize.”

That likely reflects the unfortunate reality that data breaches have just become all too common in recent years, he said. “But we are seeing the flow normalize.”

His comments are notable given that a lot of folks were wondering how much T-Mobile would suffer if consumers decide to jump ship or think twice about converting to T-Mobile given the breach. Of the big three, T-Mobile especially likes to boast about being the one to benefit most when switching activity is high among consumers. (In the second quarter, it was AT&T that posted big wireless subscriber gains, with 789,000 postpaid net phone additions compared with T-Mobile’s 627,000.)

RELATED: Is T-Mobile’s data breach going to hurt subscriber metrics?

From a financial perspective, there could be ramifications in the long term, such as from regulatory investigations. However, costs associated with immediate actions that T-Mobile took, such as experts that it hired and protection offered to consumers, are not expected to have a material impact in either the third quarter or the second-half results.

He noted that T-Mobile does have a sizable cyber insurance policy that should cover certain expenses as they work through some of the potential regulatory aspects and class action lawsuits.

“At the end of the day, despite all of this, we remain confident in delivering our full-year results,” including guidance issued in the second-quarter earnings call, which included postpaid net additions of 5 million to 5.3 million. They currently believe that adjusted EBITDA will come in near the high end of the $23 billion to $23.3 billion range.

In addition to how it responded to this breach, T-Mobile is taking “significant steps” to enhance security and fight back against criminals, as CEO Mike Sievert outlined in his blog a couple weeks ago. The company struck long-term partnerships with cybersecurity experts at Mandiant and with consulting firm KPMG LLP.

RELATED: T-Mobile CEO says hacker used ‘brute force’ attacks to breach IT servers

Another topic of high interest is T-Mobile’s relationship with Dish Network, which is using T-Mobile’s network as part of an MVNO arrangement worked out by the government in approving the Sprint/T-Mobile merger.

Dish has complained about T-Mobile’s plan to shut down Sprint’s CDMA network in January 2022, which it says will negatively impact Boost Mobile customers. Dish subsequently struck a new network deal with AT&T.

T-Mobile always assumed a portion of the Dish subscribers would leave its network as Dish builds out its own 5G network, but it’s happening sooner than expected. Another question is if this disagreement impedes T-Mobile’s ability to shut down the Sprint CDMA network and realize cost  synergies.

Dish has indicated its plan to continue using T-Mobile as a network provider and “we certainly look forward to supporting Dish as a customer,” and making sure they receive what they need, Osvaldik said.

While there is potential risk in MVNO revenue falling off quicker than originally planned, “we’re still on track to deliver the mid-term guidance” as well as the long-term guidance that T-Mobile shared on its analyst day earlier this year.

“Our Number One goal has always been to get customers on the latest and greatest network, and the latest technology,” he said. “That continues to be our goal” and the conversation with Dish continues on how fast customers are migrated.