The T-Mobile Data Breach: What We Know & How To Protect Yourself

T-Mobile has been in the headlines quite a bit lately, and information technology's not a good thing. Its customers' information has been breached yet again. Information technology'south non the first time, not even the beginning fourth dimension in 2021.

This latest data breach was uncovered by Motherboard , and claims that 100 million T-Mobile customers had their information breached in this attack. That loosely translates to all of T-Mobile's customers. That is a very big deal.

Today, we're going to get over what data was hacked in this breach, and what y'all can practice to protect yourself. This should hopefully help yous protect your data a bit amend, and perhaps answer the question of whether you lot should leave T-Mobile or not.

What actually happened?

A hacker got its hands on data from virtually every single T-Mobile customer. And he was selling information technology for effectually 6 Bitcoin. At the time, that translated to about $270,000 USD. That amount only covered around xxx million social security numbers and driver licenses. The seller decided to privately sell the rest of the data.

T-Mobile after came out after it did its investigation on the issue, and said that effectually 850,000 prepaid customers and seven.eight 1000000 postpaid customers were breached. Along with more than xl 1000000 records related to old or prospective customers who had applied for credit with T-Mobile.

That'south a whole lot less than what the hacker claimed to have stolen from T-Mobile. The number of hacked accounts really doesn't matter, it's the fact that they were hacked. And T-Mobile badly needs to pace up its cybersecurity.

This isn't the first T-Mobile alienation this year. And has had five cyberattacks since 2018. Which makes this latest breach pretty troubling. Only also not surprising. It seems similar information technology's every other week we're hearing about some other company beingness hacked and personal information existence stolen.

Many law firms take already taken action and filed class-action lawsuits against T-Mobile in Washington state (where T-Mobile is headquartered) seeking compensatory damages. Every bit well equally reimbursement for out-of-pocket costs, improvements to T-Mobile's information security systems, futurity annual audits and adequate credit monitoring.

For the most part, it's non if your data is breached, but when.

What data was breached?

The hackers stole a lot of data in this particular breach. It's pretty insane how much data they managed to get their easily on actually. In fact, Rick Tracy, the chief security officer at Telos, which is a cybersecurity firm, stated that "if it'south true, it's a treasure trove of personally identifiable information. This was a lot of data for a lot of customers. Unauthorized admission should have triggered an alarm."

Tracy is absolutely right here. The hackers took basically all of the data for these customers.

Prepaid customers

For prepaid customers, hackers stole their names, phone numbers, and business relationship PINs. T-Mobile has reset all of the PINs on those accounts that were breached. Merely T-Mobile is still recommending everyone reset their Pivot just in case.

Interestingly, no customers from Metro by T-Mobile, Dart prepaid or Boost Mobile customers had their information breached. Just regular T-Mobile Prepaid.

Postpaid, old and prospective customers

The information stolen in this group is different from the prepaid customers, considering these are those that applied for financing. To practise a monthly installment plan on their new phone – which Prepaid customers don't have that option.

For postpaid customers, their names, date of birth, social security number and driver's license/ID data was stolen. And the same goes for former and prospective customers that applied for financing.

T-Mobile says that phone numbers, account numbers, PINs, passwords and financial information was not compromised, however.

How you can protect yourself from these information hacks

Whether your data was breached or not, information technology's a skilful idea to have these steps to protect your data. Even if it didn't get hacked this time, that doesn't mean it won't in the time to come (or hasn't in the past). Here are a few ways to protect yourself and your information.

Freeze your credit

Freezing your credit is the best way to protect yourself from identity theft. All the same, yous will need to contact all 3 credit bureaus to make this happen. That includes Equifax, Experian and TransUnion. The freeze is free, and all three credit bureaus give you a gratis credit report each yr.

When you do freeze your credit, it'south going to require some extra piece of work when you lot want to apply for new accounts similar a credit card, auto loan or even to rent an apartment. But information technology is worth it, for that peace of listen. Additionally, you won't be opening new accounts all that oft.

Information technology'south also a good idea to sign upwards for Credit Karma . Information technology's completely free and will alarm y'all when information technology sees new things on your credit report. It likewise updates your credit study weekly (and updates the TransUnion score daily). And so you can go on tabs on your credit and remove things that shouldn't be in that location.

Always adept to check your credit from time to time, every bit you may not know when or if your data has been hacked. Just checking your credit report will make it credible a lot sooner that it has been breached.

Change and beefiness upwardly your password

You've probably heard this every time there'due south a information breach, but it is a practiced thought to change your password from time to time. And it'due south a skilful idea not to use the aforementioned password everywhere.

Get ahead and change your password, and also make sure information technology is a pretty complex password. That'due south going to make it tougher for hackers to get into your business relationship. Yep, it'll make it tougher to remember, but you tin also use a password manager to remember these passwords for you.

Use two-factor authentication

Information technology's annoying, simply two-factor authentication is really useful for securing your accounts. And many websites are at present forcing you to utilise two-gene hallmark. Especially fiscal institutions.

With ii-factor authentication or 2FA, those hacking your account will need to know more data about you, and/or have admission to your smartphone or electronic mail to actually get into your account. Which is a whole lot harder, and thus tougher for them to get into your account.

However, that also means that every time you try to log into that account, y'all'll need to go a code send to your email or telephone number. Which is not particularly piece of cake, and does take some actress time to actually get into your account. But information technology is worth the trade-offs.

You could as well opt for a physical security key. Google has their own, which they forcefulness all of their employees to use, and since then, they've had cipher hacks on their employees accounts. Which is rather impressive. But that's because the user would need that hardware fundamental plus your passwords to get into your account.

Delete unused accounts

Nosotros've all signed up for services, and and so never used them again. But that could make it easier for hackers to hack your data. Especially if you use the same email and password for multiple websites and apps. Virtually of us employ the same email for different accounts, which isn't a trouble. The problem comes from using the same password with those accounts.

An easy style to find and delete these accounts is to Google your common username and your email address (separately of class), to detect those accounts. So yous tin go in and delete those accounts.

Why is this a large deal? Well if its an unused account, then yous likely have not changed the password in quite some time. Which is going to make it super easy to hack that business relationship.

Should I leave T-Mobile over this breach?

While this breach is very upsetting, specially given the amount of data that was breached. It might not be the biggest reason to go out T-Mobile. Of form, that decision is up to you lot anyways.

After all, AT&T likewise had a data breach very recently. Though we've heard nothing about one at Verizon even so. And so changing cell phone carriers might non solve your problem, unfortunately.

But if y'all get through the steps above and follow them to protect yourself and your data, yous should be okay with T-Mobile. Let's only pray that T-Mobile does work to eternalize its cybersecurity, though.

Ultimately, consumers have the ability to vote with their wallet. So if you don't like the fact that T-Mobile doesn't announced to be taking these breaches seriously, jump to another carrier. If enough people do it, they'll become the message.