T-Mobile’s Customers’ Private Information Compromised

T-Mobile discovered on August 17th that over 40 million current, former, and prospective customers’ private information had been compromised. They are still in the process of investigating the extent of the breach but confirmed that their clients’ personal information was accessed and stolen. This information includes names, driver’s license information, government identification numbers, and Social Security numbers.

T-Mobile issued the following statement on their blog post: “Our preliminary analysis is that approximately 7.8 million current T-Mobile postpaid customer accounts’ information appears to be contained in the stolen files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile. Importantly, no phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of these files of customers or prospective customers.”

The day before the announcement, it was reported that a cybercriminal was trying to sell customer data on an online underground forum for $270,000. The forum did not list the data source but the seller disclosed the information was in fact T-Mobile’s to Vice’s Motherboard, an online tech news website. The hacker also confirmed that T-Mobile was able to block the penetrated server but only after the hackers had already downloaded the customers’ data. T-Mobile is offering two years of free identity protection service to all customers.

Data breaches are rampant in 2021’s digital-first world. You may not be able to control what happens to the companies or vendors who legitimately have your data, but there are measures you can take to avoid further damage in case your information is compromised.

Here are some of the steps we recommend:

  • Enable multi-factor authentication on all of your accounts.
  • Change your passwords on all platforms regularly and do not record passwords in an insecure place such as a note near your computer.
  • Sign up with a password management provider.
  • Always look over your account summary from financial institutions to make sure there is no suspicious activity on your account.