The information of more than 40 million people was stolen in a cyberattack against T-Mobile, exposing social security numbers, first and last names, birthdays, and PINs, among other data. The individuals affected include 7.8 million current customers, as well as 40 million former or prospective customers. A data breach for a major company such as T-Mobile has the potential to be devastating and far-reaching, highlighting the importance of crisis management.

Crisis Management Defined

Discussed in Chapter 6: The Nature of Management, crisis management (or contingency planning) is an element in planning that deals with potential disasters such as product tampering, oil spills, fire, earthquake, computer virus, global pandemics, or even a reputation crisis due to unethical or illegal conduct by one or more employees. Businesses that have well-thought-out contingency plans tend to respond more effectively when problems occur than do businesses that lack such planning.

Though some disasters are unpredictable, data breaches have been a growing concern for companies. T-Mobile has faced several major data breaches in the past. Other major companies to face recent cyberattacks include Volkswagen Group of America, Facebook, Kroger, Microsoft, CVS Health, and GEICO.

Crisis Management Best Practices

Be the first to disclose a crisis. T-Mobile only announced the cyberattack after Vice reported it. Vice reported someone in an online forum was attempting to sell stolen data, allegedly belonging to T-Mobile. The mobile company confirmed the following day but provided few details. Failing to report the news first casts T-Mobile in a negative light. It is tempting for a company to wait until it has all of the information before commenting, but firms risk losing public goodwill by remaining silent for too long.

Keep stakeholders informed. While T-Mobile took a day to confirm the cyberattack, it eventually issued a press release on its website that detailed the events that occurred, T-Mobile’s investigation, results of its preliminary analysis, and remedies to protect customers.

Help those affected. The data breach affected more than 40 million individuals, and T-Mobile has a responsibility to help those people. The company offered two years of free identity protection services through McAfee and provided customers with instructions on how to change their PIN. Additionally, T-Mobile published a dedicated web page to detail the breach and ways customers could protect themselves.

Prevent a Crisis. As hackers become more and more sophisticated, it will be increasingly challenging for companies to ward off attacks. This is especially concerning because many companies do not have sufficient security protocols in place to protect personal data.

The fact that data breaches and other crises are imminent makes contingency planning critical. Companies should have a plan in place that is coordinated across legal, communications, and technology staff, as well as top-level management.

In the Classroom

This article can be used to discuss planning and crisis management (Chapter 6: The Nature of Management).

Discussion Questions

  1. What is crisis management and why is it important?
  2. What can companies do to protect personal data?
  3. Does the threat of a data breach affect how you interact with businesses?

This article was developed with the support of Kelsey Reddick for and under the direction of O.C. Ferrell and Linda Ferrell.


Edward Segal, "T-Mobile Data Breach Underscores Importance Of Crisis Management Best Practices," Forbes, August 18, 2021,

Isabella Grullón Paz, "T-Mobile Says Hack Exposed Personal Data of 40 Million People," The New York Times, August 18, 2021,

T-Mobile, "T-Mobile Shares Additional Information Regarding Ongoing Cyberattack Investigation," August 18, 2021,