CEO Mike Sievert said in a written statement Friday that the company spends lots of effort to try to stay ahead of criminal hackers "but we didn't live up to the expectations we have for ourselves to protect our customers. Knowing that we failed to prevent this exposure is one of the hardest parts of this event."

The company disclosed earlier in August that the names, Social Security numbers and information from driver's licenses or other identification of just over 40 million people who applied for T-Mobile credit were exposed in a recent data breach. The same data for about 7.8 million current T-Mobile customers who pay monthly for phone service also appeared to be compromised.

Sievert's statement follows a Thursday report in the Wall Street Journal in which John Binns, a 21-year-old American hacker living in Turkey, told the newspaper he was responsible for the hack and blamed T-Mobile's lax security for making it possible.