Over 54M T-Mobile Records Hacked: 5 Steps To Take Now

T-Mobile Logo

You may have seen recent reports of a huge data breach of T-Mobile customer lists and information. Who does this impact and what should you do to protect yourself?

How This All Began

Earlier this month, a person on the Dark Web claimed to have 30 million T-Mobile customer records along with personal information including names, date of births, drivers license details, and social security numbers. The seller later spoke with Vice’s Motherboard informing them the breach included 100 million records.

How To Know If This Impacts You

If you ever applied for a T-Mobile account – whether or not you ended up using their services, your data may be at risk. According to T-Mobile the breach impacts multiple groups:
 
1) 13.1 million postpaid plan customers (you receive a bill, and then pay it)
2) 40.6+ million prospective customers (who filled out an application for any phone plan)
3) 902k prepaid plan customers (you pay for services ahead of each plan cycle)

What To Do If This Affects You

1) Change Your T-Mobile PIN

Creating a new PIN will help prevent unauthorized access. If you have a prepaid plan then your PIN has already been reset, but not for postpaid plans. Once you reset your PIN, I would recommend saving it in a password manager like LastPass as previously written about. By not resetting your PIN may be vulnerable to SIM card hijacking, also called a SIM swapping attack. 

How does a SIM hack work exactly? A hacker uses your personal details to convince your mobile carrier that you have a different SIM card/phone. The carrier then transfers over your phone number to the hacker’s phone. Once this occurs, they may attempt to hack into various accounts (e.g., banking and emails) to steal your identity and possibly drain your finances. Alternatively, they may hold your account for ransom or use it for other nefarious and illegal purposes.

2) T-Mobile’s Complimentary 2-Year Partnership With McAfee ID Theft Protection Service

Utilizing this will help by monitoring your credit, scanning the dark web for your compromised information, $1M identity insurance (except for NY and PR residents, due to local laws), among other 24/7 ID services. You will have the opportunity to extend this coverage after the free period ends.

3) T-Mobile Account Takeover Protection

If you have a T-Mobile for Business, T-Mobile Postpaid, or Sprint plan you are eligible for this next step. (Sorry Boost by T-Mobile and T-Mobile Prepaid customers!) Secure your Account Takeover Protection capabilities in your T-Mobile settings. While it may be a pain, as it needs to be done for each phone number on your account, this is 100% worthwhile. First, you need to be the main account holder or have full access to the account. Second, follow this link if you have one of the eligible T-Mobile accounts and use this if you have a Sprint account

4) Lock Your Credit On The 3 Major Credit Bureaus

Taking this action will prevent institutions from requesting your credit report, and thus making it more difficult for someone to open a fraudulent account in your name. Below are links to do so on each credit bureau:

5) Consider Subscribing To Credit Monitoring

Given the vast nature of this data breach, you may want to keep an eye out for new accounts and lines of credit opened in your name. While T-Mobile is providing a free two years of monitoring, most hackers are patient and will wait for your free monitoring to expire. Before expiry, I recommend continuing to pay for credit monitoring or if you have a Mastercard, you can sign up for free identity protection.

These steps may seem a bit daunting, so if you’re in need of assistance, please don’t hesitate to contact me to set up a remote session.