The third largest wireless carrier in the country admitted to a data breach affecting 40 million customers and prospective customers last week. That number grew to 54 million Friday after the FCC said it would investigate the incident. Images from the dark web show the data is for sale and includes user’s name, address, phone numbers, drivers’ license, Social Security number, and date of birth. The breach not only impacts current users, but also former customers, and prospective customers who gave T-Mobile their information to run a credit check but are not current customers of the wireless provider.
The company is facing criticism because this is their fifth data breach in four years. Even though this is by far the largest breach, it follows two attacks in 2020, one in 2019, and one in 2018. Security professionals are also criticizing T-Mobile’s communication to their customers. Some users received a text message about the breach, while others did not. The company released a statement that in part said, “We have no indication that the data contained in the stolen files included any customer financial information, credit card information, debit or other payment information…” This is an oversight because the data in the breach is everything a criminal would need to open new lines of credit in the victim’s name.
The other major concern is the breach could open victims up to SIM swapping. Criminals can use the data in the breach to convince the wireless carrier that they need a replacement SIM card for their number. Once the criminal has taken over a user’s phone number, they can use it to access two-factor authentication codes, and log into more secure accounts like banking and credit card accounts.
What to do if you’re a T-Mobile customer?
First, change login passwords and PIN numbers. T-Mobile allows users to log in using their phone number, so if a criminal can find your password in another data dump and connect it with the PII from this breach they may be able to log in. Additionally, the PIN numbers for pre-paid customers were included in the breach.
Experts are suggesting customers should freeze their credit reports until T-Mobile has more information on whose data was lost. All three credit bureaus allow users to put a lock on their report so if someone attempts to open credit in their name, it will be blocked, and the user will be notified.
T-Mobile is offering a free service to prevent someone from transferring a phone number to another carrier called “Account Takeover Protection.”
Quanexus IT Support Services for Dayton and Cincinnati
Request your free network assessment today. There is no hassle, or obligation.
If you would like more information, contact us here or call 937.885.7272.
Follow us on Facebook, Twitter and LinkedIn and stay up to date on by subscribing to our email list.
