T-Mobile Data breach. Over 40 million customers' information may be exposed.
If you are a T-mobile customer your information may be on sale on the dark web. The scary thing is that T-mobile doesn’t even know what kind of customer information was stolen in the breach.
The breach is still under investigation but as of a posting on August 20, 2021, on their website this is what was found:
- We previously reported information from approximately 7.8 million current T-Mobile postpaid customer accounts that included first and last names, date of birth, SSN, and driver’s license/ID information was compromised. We have now also determined that phone numbers, as well as IMEI and IMSI information, the typical identifier numbers associated with a mobile phone, were also compromised. Additionally, we have since identified another 5.3 million current postpaid customer accounts that had one or more associated customer names, addresses, date of births, phone numbers, IMEIs, and IMSIs illegally accessed. These additional accounts did not have any SSNs or driver’s license/ID information compromised.
- We also previously reported that data files with information from about 40 million former or prospective T-Mobile customers, including first and last names, date of birth, SSN, and driver’s license/ID information, were compromised. We have since identified an additional 667,000 accounts of former T- Mobile customers that were accessed with customer names, phone numbers, addresses, and dates of birth compromised. These additional accounts did not have any SSNs or driver’s license/ID information compromised.
- Separately, we have also identified further stolen data files including phone numbers, IMEI, and IMSI numbers. That data included no personally identifiable information.
- We continue to have no indication that the data contained in any of the stolen files included any customer financial information, credit card information, debit, or other payment information.
- As we previously reported, approximately 850,000 active T-Mobile prepaid customer names, phone numbers, and account PINs were exposed. We have proactively reset ALL of the PINs on these accounts. Similar information from additional inactive prepaid accounts was also accessed. In addition, up to 52,000 names related to current Metro by T-Mobile accounts may have been included. None of these data sets included any personally identifiable information. Further, none of the T-Mobile files stolen related to former Sprint prepaid or Boost customers.
So what should customers do after this breach?
- Immediately change your password and pin numbers.
- Find out what services T-mobile is offering customers to protect them from identity theft.
- Monitor your credit reports for any suspicious activity. If you know you are not going to be opening up any new credit line soon, freeze your credit. Connect with all three credit bureaus and put a freeze on each one.
- Contact your banks and retirement fund companies. Ask them what other security protocols you can put in place on your account so no one can access them.