T-Mobile has been in the headlines quite a bit lately, and it’s not a good thing. Its customers’ data has been breached yet again. It’s not the first time, not even the first time in 2021.
This latest data breach was uncovered by Motherboard, and claims that 100 million T-Mobile customers had their data breached in this attack. That loosely translates to all of T-Mobile’s customers. That is a very big deal.
Today, we’re going to go over what data was hacked in this breach, and what you can do to protect yourself. This should hopefully help you protect your data a bit better, and perhaps answer the question of whether you should leave T-Mobile or not.
What actually happened?
A hacker got its hands on data from virtually every single T-Mobile customer. And he was selling it for around 6 Bitcoin. At the time, that translated to about $270,000 USD. That amount only covered around 30 million social security numbers and driver licenses. The seller decided to privately sell the rest of the data.
T-Mobile later came out after it did its investigation on the issue, and said that around 850,000 prepaid customers and 7.8 million postpaid customers were breached. Along with more than 40 million records related to former or prospective customers who had applied for credit with T-Mobile.
That’s a whole lot less than what the hacker claimed to have stolen from T-Mobile. The number of hacked accounts really doesn’t matter, it’s the fact that they were hacked. And T-Mobile desperately needs to step up its cybersecurity.
This isn’t the first T-Mobile breach this year. And has had five cyberattacks since 2018. Which makes this latest breach pretty troubling. But also not surprising. It seems like it’s every other week we’re hearing about another company being hacked and personal data being stolen.
Many law firms have already taken action and filed class-action lawsuits against T-Mobile in Washington state (where T-Mobile is headquartered) seeking compensatory damages. As well as reimbursement for out-of-pocket costs, improvements to T-Mobile’s data security systems, future annual audits and adequate credit monitoring.
For the most part, it’s not if your data is breached, but when.
What data was breached?
The hackers stole a lot of data in this particular breach. It’s pretty insane how much data they managed to get their hands on actually. In fact, Rick Tracy, the chief security officer at Telos, which is a cybersecurity firm, stated that “if it’s true, it’s a treasure trove of personally identifiable information. This was a lot of data for a lot of customers. Unauthorized access should have triggered an alarm.”
Tracy is absolutely right here. The hackers took basically all of the data for these customers.
For prepaid customers, hackers stole their names, phone numbers, and account PINs. T-Mobile has reset all of the PINs on those accounts that were breached. But T-Mobile is still recommending everyone reset their PIN just in case.
Interestingly, no customers from Metro by T-Mobile, Sprint prepaid or Boost Mobile customers had their information breached. Just regular T-Mobile Prepaid.
Postpaid, former and prospective customers
The data stolen in this group is different from the prepaid customers, because these are those that applied for financing. To do a monthly installment plan on their new phone – which Prepaid customers don’t have that option.
For postpaid customers, their names, date of birth, social security number and driver’s license/ID information was stolen. And the same goes for former and prospective customers that applied for financing.
T-Mobile says that phone numbers, account numbers, PINs, passwords and financial information was not compromised, however.
How you can protect yourself from these data hacks
Whether your data was breached or not, it’s a good idea to take these steps to protect your data. Even if it didn’t get hacked this time, that doesn’t mean it won’t in the future (or hasn’t in the past). Here are a few ways to protect yourself and your data.
Freeze your credit
Freezing your credit is the best way to protect yourself from identity theft. However, you will need to contact all three credit bureaus to make this happen. That includes Equifax, Experian and TransUnion. The freeze is free, and all three credit bureaus give you a free credit report each year.
When you do freeze your credit, it’s going to require some extra work when you want to apply for new accounts like a credit card, car loan or even to rent an apartment. But it is worth it, for that peace of mind. Additionally, you won’t be opening new accounts all that often.
It’s also a good idea to sign up for Credit Karma. It’s completely free and will alert you when it sees new things on your credit report. It also updates your credit report weekly (and updates the TransUnion score daily). So you can keep tabs on your credit and remove things that shouldn’t be there.
Always good to check your credit from time to time, as you may not know when or if your data has been hacked. But checking your credit report will make it apparent a lot sooner that it has been breached.
Change and beef up your password
You’ve probably heard this every time there’s a data breach, but it is a good idea to change your password from time to time. And it’s a good idea not to use the same password everywhere.
Go ahead and change your password, and also make sure it is a pretty complex password. That’s going to make it tougher for hackers to get into your account. Yeah, it’ll make it tougher to remember, but you can also use a password manager to remember these passwords for you.
Use two-factor authentication
It’s annoying, but two-factor authentication is really useful for securing your accounts. And many websites are now forcing you to use two-factor authentication. Particularly financial institutions.
With two-factor authentication or 2FA, those hacking your account will need to know more information about you, and/or have access to your smartphone or email to actually get into your account. Which is a whole lot harder, and thus tougher for them to get into your account.
However, that also means that every time you try to log into that account, you’ll need to get a code send to your email or phone number. Which is not particularly easy, and does take some extra time to actually get into your account. But it is worth the trade-offs.
You could also opt for a physical security key. Google has their own, which they force all of their employees to use, and since then, they’ve had zero hacks on their employees accounts. Which is rather impressive. But that’s because the user would need that hardware key plus your passwords to get into your account.
Delete unused accounts
We’ve all signed up for services, and then never used them again. But that could make it easier for hackers to hack your data. Especially if you use the same email and password for multiple websites and apps. Most of us use the same email for different accounts, which isn’t a problem. The problem comes from using the same password with those accounts.
An easy way to find and delete these accounts is to Google your common username and your email address (separately of course), to find those accounts. Then you can go in and delete those accounts.
Why is this a big deal? Well if its an unused account, then you likely have not changed the password in quite some time. Which is going to make it super easy to hack that account.
Should I leave T-Mobile over this breach?
While this breach is very upsetting, especially given the amount of data that was breached. It might not be the biggest reason to leave T-Mobile. Of course, that decision is up to you anyways.
After all, AT&T also had a data breach very recently. Though we’ve heard nothing about one at Verizon yet. So changing cell phone carriers might not solve your problem, unfortunately.
But if you go through the steps above and follow them to protect yourself and your data, you should be okay with T-Mobile. Let’s just pray that T-Mobile does work to bolster its cybersecurity, though.
Ultimately, consumers have the power to vote with their wallet. So if you don’t like the fact that T-Mobile doesn’t appear to be taking these breaches seriously, jump to another carrier. If enough people do it, they’ll get the message.