I wrote last week about T-Mobile's response to the breach that affected more than 50 million people. My point was that the company's response left many questions unanswered, and led to confusion among many T-Mobile customers who are concerned about whether their personal information is at risk.
More than a few T-Mobile customers reached out to share their stories of trying to get more information, either by calling customer support or visiting a retail store. In most cases, the stories were similar. Their attempts to better understand what personal information was at risk ended up with retail employees seeking to downplay the event while failing to provide much information.
These exchanges made me think more about T-Mobile's response, so I started looking into how the company's retail employees were handling the breach. For example, one customer shared their experience of walking into a T-Mobile retail store and being told that the breach was "probably just some kids messing around."
To find out whether these responses were typical, I visited a half dozen T-Mobile retail stores. I am, after all, a T-Mobile customer, although--to my knowledge--my information was not included in the breach.
"We're not really supposed to talk about it with customers," one T-Mobile employee told me. Another said that they had been instructed to tell customers that it's "not that big of a deal, and only affected less than half of our customers."
When I mentioned to the first employee that--in addition to being a customer--I was a tech journalist and was interested in what the company had told them about answering customer questions, the first employee asked me to leave the store. I did.
At another store, an employee told me that the entire story has "mostly been blown out of proportion by the media." When I identified myself as a part of that media, I was told that company policy doesn't allow individual stores to speak on behalf of the company.
In a statement, T-Mobile did tell me that the experience I had "does not reflect how we want customers to be treated and we absolutely assure you there has not been any direction to 'downplay' this serious incident."
I believe that the company isn't telling employees to downplay the incident. And none of the things employees told me are the official position of the company. They weren't official statements, and I have no way of verifying whether they were true. When I asked to see what instructions the company had given store employees, the company declined to make that information available.
Still, information is hard to come by. At one store, a manager told me that they didn't have the ability to look up whether a customer's information had been compromised, but they suggested that I contact customer service. They also told me that I could register for the McAfee product the company was offering all of its customers.
"As this investigation has unfolded, we've been working as quickly as possible to ensure our people have the information they need across thousands of stores and Care centers to support customers just like you who have questions and need answers," a company spokesperson told me.
On Friday, the company posted a blog post from CEO Mike Sievert saying that the company has made "supporting our customers a top priority--from answering questions to helping customers get access to tools and best practices that will help them protect their information."
I think T-Mobile genuinely wants to help its customers. Unfortunately, good intentions don't eliminate confusion--good communication does. That's an important lesson for every business. Sometimes the thing you're trying to communicate is different from the experience your customers have when they walk in the door.
That's the reality of any large company, but it doesn't change the fact that customers are confused about what they should do to protect themselves. When they walk into a store and are told that "it's not a big deal," it doesn't inspire the kind of confidence the company should be focusing on.
More important, while the heat has largely died down on T-Mobile since last weekend, that doesn't change the fact that whoever stole its customers' information still has it. The next time those customers think about the breach will likely be when they discover their information has been used or an account has been opened in their name. That's certainly nothing to downplay.