Well, T-Mobile’s latest data breach is an unwelcome blow to the Un-Carrier. According to The Verge, things only seem to be getting worse. Originally, around 100 million customers’ information was thought to have been stolen. This number was given by someone in possession of the data. Well, that number is a bit inflated.
That doesn’t mean that the situation isn’t still dire. In fact, T-Mobile says that 47 million customers are closer to the truth. This information came from T-Mobile’s first statement. Of that 47 million, 7.8 million on-contract or postpaid customers have had their first & last names, date of birth, Social Security Numbers, and driver’s license numbers stolen.
Yikes. All that information is very sensitive. In addition to this those customers’ phone numbers and IMEI/IMSI numbers were stolen. Both the IMEI (international mobile equipment identity) and the IMSI (international mobile subscriber identity) can be used to track mobile devices.
In addition, malicious parties can use the IMSI to implement SIM swapping attacks. This is when the malicious party takes over your phone number. Once they do this, they can get any important messages that should go to you. This even includes two-factor authentication codes.
T-Mobile’s latest data breach sees an additional 5.3 million victims
The bad news does not stop there. An additional 5.3 million postpaid customers are a part of this breach. These 5.3 million customers are also a part of the stolen data, but there is a bit of good news. These customers did not have their driver’s license/ID or Social Security Numbers stolen. So that is a silver lining.
Even former customers aren’t safe. 667,000 former T-Mobile are also in this data breach. 52,000 customers of Metro by T-Mobile also are victims of this new T-Mobile data breach. However, Sprint prepaid and Boost Mobile customers are safe.
Continuing the unfortunate news is that an unspecified number of files contains“phone numbers, IMEI, and IMSI number.” Thankfully, no personally identifying information connects this information. This means no names, SSN, etc.
This new breach will continue to have new updates as the FCC is still investigating the matter. That’s the good news. However, T-Mobile does have at least one class-action lawsuit against it. More news surrounding this breach will continue to trickle in as the FCC continues investigating. Hopefully, the situation doesn’t get any worse.
Data breaches are nothing new. But, T-Mobile hasn’t had the best luck as of late. Hopefully, the company can get past this and move on.