T-Mobile's chief executive Mike Sievert issued an apology Friday after the company failed to prevent a "malicious cyberattack" on the company's systems, exposing the private data of over 50 million people.
"The last two weeks have been humbling for all of us at T-Mobile," Sievert said in an open letter. "To say we are disappointed and frustrated that this happened is an understatement."
He added that knowing T-Mobile failed to protect the data for current, former and prospective customers "is one of the hardest parts of this event."
"On behalf of everyone at Team Magenta, I want to say we are truly sorry," he said in a letter to customers.
Earlier this month the company confirmed that the names, Social Security numbers and information from driver’s licenses or other identification of just over 40 million people who applied for T-Mobile credit were exposed. The same data for about 7.8 million current T-Mobile customers who pay monthly for phone service also appears to be compromised.
T-Mobile also confirmed that approximately 850,000 active T-Mobile prepaid customer names, phone numbers and account PINs were exposed.
Despite efforts to stay ahead of cyberattacks, Sievert admitted that the company failed to "live up to the expectations we have for ourselves to protect our customers."
T-Mobile, which became one of the country’s largest cellphone service carriers after buying rival Sprint last year, has been hit before by data theft, but in the most recent case "the sheer numbers far exceed the previous breaches," said Gartner analyst Paul Furtado.
Sievert also noted in the letter that the company is aware of how the "bad actor illegally gained entry" to its servers and the company has since closed that entry point.
"We are confident that there is no ongoing risk to customer data from this breach," he said.
To date, the company has contacted "just about every current T-Mobile customer or primary account holder" who had their data breached.
The company said it will immediately offer two years of free identity protection services and is recommending that all of its postpaid customers — those who pay in monthly installments — change their PIN. Its investigation is ongoing.
The Associated Press contributed to this report.