My favorite part about all of this is that, as a T-Mobile customer, this is how I find out about the leak. There's not even an alert when I log into my account. Why can't companies be more responsible about these situations?
I still think making customers aware would go a long way. And we only have to go back to the Equifax breach to learn that companies are hardly forthcoming about who is and isn't compromised.
I get your conclusion but that doesn't excuse T-Mobile from notifying customers that their data has potentially been breached. I would much rather be aware that there is a distinct possibility my cell carrier's data on me because I can take some small actions to mitigate any potential damage (change password, update PIN, etc.). Being aware is half the battle with online security.
I'm not sure that the lack of repercussions is a reasonable excuse. I know companies will use it. I know we might throw our hands in the air and just say it's a fact of life. But it doesn't have to be.
I found out about this breach Friday via The Verge. At that point in time, I didn't receive an email/text. So for a while, I figure I'm not part of the subset of users. Then, at 9:11pm that day, I received the text message.