Massive T-Mobile Data Breach: Safeguard Your Data Now
Last week, wireless carrier T-Mobile confirmed reports of a major data breach in which hackers obtained personal information belonging to more than 46 million past, present and potential customers.
In a sign that the extent of the data breach is more severe than previously expected, T-Mobile later confirmed that personal data belonging to an additional 7.8 million customers was also obtained in the hack. This brings the total affected customers to nearly 54 million.
For those keeping count, this is the fifth data breach the wireless carrier has suffered in the past three years, but according to cybersecurity analysts, this is “the worst breach they’ve had so far.”
Who Was Affected?
T-Mobile says preliminary analysis of the breach indicates that the stolen files contained account information from approximately 850,000 T-Mobile prepaid customers and 7.8 million regular monthly customers, as well as more than 40 million records related to former or prospective customers who had applied for credit with T-Mobile.
For prepaid customers, the exposed data included:
Names
Phone numbers
And account PINs
T-Mobile has proactively reset the PINs on those accounts.
For postpaid (contract) customers, the exposed data included:
First and last names
Dates of birth
Social Security numbers
And driver’s license/ID information
However, their phone numbers, account numbers, PINs, passwords, and financial information were not compromised, the company said.
How to Protect Yourself
T-Mobile says it has “sent communications to millions of customers and other affected individuals” and encourages customers to visit a new webpage meant to help secure those people against “cybersecurity threats.” The page does not offer a way to determine whether your account is one of those affected by the breach.
The company’s suggestions are a start, but if you’re concerned that your personal information is vulnerable, here are a few things you should consider doing right now.
Change your password and PIN
T-Mobile suggests changing your account password and PIN should be one of the first things you do. That’s because the personal information made available through the data breach can give an attacker almost everything they need to gain access to your T-Mobile account. (This is especially true for 850,000 of the company’s prepaid phone customers, who had their account PINs leaked alongside their names and phone numbers.) And once an attacker has access to one of your accounts, more are likely to follow.
Freeze your credit
Some of the highly personal data made available through this data breach could be a gold mine for attackers who want to make use of your credit. Affected customers should consider freezing their credit reports. You’ll have to contact each of the three major credit bureaus — Equifax, Experian and TransUnion — with your requests, but freezing your credit is completely free, doesn’t affect your credit score and prevents anyone with your personal information (including you) from opening new lines of credit.
Rethink multi-factor authentication
If you’re even mildly security-conscious, you might already have multi-factor authentication enabled on your online accounts. But, if you’re concerned your data has been compromised as part of this breach, you may want to rethink how you use MFA. With the hacked data, cybercriminals could gain access to your phone number through a SIM-swapping attack. If you have your accounts set up to send you a text message as your second authentication factor, the criminals could easily access the accounts you think are secure.
Continue to monitor the situation
T-Mobile’s investigation is really only getting started, but new updates are being shared at a fairly rapid clip. In the company’s Friday update, T-Mobile confirmed that the scope of the hack was larger than it had previously reported, and noted that in some cases, the attacker also obtained identifiers specific to people’s phones. It’s going to be important that you stay up to date as the breach specifics continue to unfold to ensure you take the necessary steps to secure your data.
Kotman Technology has been delivering comprehensive technology solutions to clients in California and Michigan for nearly two decades. With a customer retention of over 98%, we pride ourselves on being the last technology partner you'll ever need. Contact us today to experience the Kotman Difference.