• Operator’s Q3 numbers indicate few customers ditched its services in wake of high‑profile data breach in August.
  • Competitor exploitation of Sprint integration challenges highlighted as bigger issue, albeit one T‑Mobile intends to make “short‑lived”.
  • T‑Mobile highlights organisational and cultural changes in response to attack.


T‑Mobile rides cyberattack storm

Source: Flickr/SoulRider.222/Eric Rider

T‑Mobile US (TMUS) indicated it had escaped August 2021’s wide‑scale data breach with a mere “muted” bump in performance trends.

The NatCo, which reported its results for the quarter to 30 September 2021 (Q3 FY21) in early‑November 2021, did not break out any specific numbers on the impact of the breach — the latest in a line of recent high‑profile data protection slipups by the self‑styled UnCarrier (Deutsche Telekomwatch, #107).

There were no major lurches in its key commercial metrics, however, with the report showing only a slight worsening in contract phone churn (to 0.96%) and net contract customer adds (to 1.26 million) when measured against trends in Q2 (0.87% and 1.28 million, respectively).

And executives appeared less preoccupied with the impact of the attack than with turnover of Sprint customers — as TMUS continues its push to migrate them onto its own platforms without allowing rivals to muscle in.

Growth goes on

TMUS ended Q3 with its total customer base at 106.9 million, up from 100.4 million a year earlier, boosted by both its strong ongoing organic growth and this year’s purchases of wireless assets from Sprint affiliates Shentel and Swiftel (Deutsche Telekomwatch, #101 and #106).

As with almost every quarter it reports, the operator played to the crowd by raising multiple elements of its guidance. It said it now expects to generate 5.1 million–5.3 million net contract subscriber adds across FY21, having reset its floor at 5.0 million after Q2 (and having targeted 4.0 million+ at the start of the FY).

Chief Executive (CEO) Mike Sievert acknowledged TMUS had experienced a “muted effect” in the aftermath of the attack, but finished Q3 “much stronger” and was “seeing nice trends as we entered the fourth quarter”, he noted.

“That shows that while [this was] a big event and something we were very, very sorry happened, [it was] something that customers have generally prepared themselves to move on from. And so that’s good.”

— Sievert.

As well as assuaging fears on Wall Street, the numbers will have been met with some relief back in Bonn, with Deutsche Telekom currently working to expand its stake in TMUS — now its largest business by far — and having long sought to characterise the T brand as a trustworthy guardian of customer data in the wake of a major personal information scandal in the mid‑2000s.

Attack prompts organisational and cultural revamp

Operationally, further changes filtered out from TMUS as it identifies weaknesses in its security defences and seeks to shore them up.

Sievert said the NatCo has now completed a “forensic investigation” into the causes of the attack, supported by partnerships formed in late‑August 2021 with US cybersecurity player Mandiant and consultancy KPMG (Deutsche Telekomwatch, #107).

Following the review, the CEO said he had decided to create a “Cyber Transformation Office” within the business, “reporting directly to me”.

This could suggest he is not only taking a more direct grip of security matters, but also seeking more control of how it develops and runs its broader IT stack, which is an area where TMUS has had a lot going on with integration of its various buyouts, but typically says little on what is happening under the hood. It is unclear who holds responsibility for security within the NatCo’s technology hierarchy — whether President of Technology Neville Ray, Chief Information Officer Brian King, or Chief Technology Officer Abdul Saad.

Internally, TMUS is “further building a security-forward mindset into our work and our culture”, Sievert added.

The August 2021 incident came to light when a Motherboard report highlighted data on tens of millions of people was being sold online, having purportedly been lifted from T‑Mobile servers. The operator then acknowledged the hacker had gained “unauthorised access” to personal information on 13.1 million of its contract customers, as well as 40.7 million “former or prospective customers who had previously applied for credit with T‑Mobile”. Following the breach, T‑Mobile teamed with Mandiant to give it “additional expertise” in security, and enlisted KPMG to help “identify gaps and areas of improvement” in its policies and performance tracking. The purported attacker had told the Wall Street Journal that TMUS’s security was “awful”.

Execs bat off rival incursions

Financially, there was a more mixed picture with TMUS’s results than normal, although all major dials continued to move in the right direction:

  • Revenue rose 2%, to $19.6bn (€16.9bn). Local reports indicated this did not meet analyst consensus.
  • Service revenue grew 4%, to $14.7bn — a “record high”, according to the operator.
  • Adjusted “core” earnings before interest, taxation, depreciation, and amortisation increased 4.5% to $6.0bn, which was again described as a “record high” and as matching or beating analysts’ estimates.
  • TMUS raised its FY21 cashflow guidance to $5.5bn–$5.6bn, from $5.2bn–$5.5bn, on the back of faster‑than-expected progress in integrating Sprint assets following the April 2020 mega‑deal. The operator said it has now shifted approximately 90% of Sprint customer traffic and 53% of Sprint customers to its own network. During FY21, it expects to generate merger synergies of $3.2bn–$3.5bn, up from earlier guidance of $2.9bn–$3.2bn.

The presentation itself, and accompanying Q&A, again featured much discussion over revenue ‘quality’, with stakeholders and analysts evidently jittery over aggressive promotions by rival AT&T — painted by TMUS as a bid to tap into user outflow during the Sprint integration process — and the extent to which operators are inflating sales growth by ‘grossing’ more costly content and mobile virtual network operator turnover.

Chief Financial Officer Peter Osvaldik responded to the former by suggesting the industry is being “unfairly painted with a broad brush based on the actions of one player”. “At T‑Mobile, we take most of our promotional expenses upfront with only a minimal amount amortised through the balance sheet. [There is] no point in kicking the can on expenses when you are a sustainable growth company”, he added.

Sievert acknowledged that turnover in the Sprint base had a significant impact on TMUS’s customer trends, confirming that, without the issue, it would have generated 1.2 million net contract phone adds in Q3, against 673,000 in reality. He considered rivals to be “feeding to a small extent on our integration-driven Sprint churn”, saying “investors will have to ask themselves whether you believe that’s going to be very short‑lived and not only not be a tailwind for them anymore, but will turn around”.

Regarding the latter issue, Osvaldik stressed that “our content costs are treated as contra revenue. That’s a reduction to our ARPU [average revenue per user]”.