Hackers claim they stole data of 100 million T-Mobile Users
Note: We may earn a commission from products or services when you click on a link and make a purchase.
T-Mobile is investigating yet another major data breach. A forum post is selling sensitive data belonging to 100 million people. The post does not mention the mobile carrier. According to Vice’s Motherboard, attackers claim to have stolen the personal information of over 100M T-Mobile customers.
T-Mobile has confirmed it has suffered yet another data breach. The company has not disclosed said what information was stolen and how many customers the data breach impacts. This is about the fifth breach in three years.
Telecom T-Mobile Hacked Again
Mobile carrier T-Mobile is a subsidiary of German telecommunications company Deutsche Telekom AG. In April 2020, T-Mobile and Sprint merged to become the largest 5G carrier in the United States.
Hackers are selling 30 million stolen customer records containing social security numbers and driver licenses for six bitcoin (approximately $270,000.) The remainder of the records will be sold privately.
“Motherboard has seen samples of the data, and confirmed they contained accurate information on T-Mobile customers,” says Motherboard. The attackers downloaded copies of the customer data before T-Mobile was able to remove their access to their servers.
Shares of T-Mobile US Inc (TMUS.O) were down 2.8% in afternoon trading.
The stolen data includes
- Name
- Social Security numbers
- Phone numbers
- Physical addresses
- Unique IMEI numbers
- Driver license numbers.
“We have determined that unauthorized access to some T-Mobile data occurred, however, we have not yet determined that there is any personal customer data involved,” says a statement on the T-Mobile website.
This is the fifth time T-Mobile has been since 2018. In 2019 T-Mobile customer data was also compromised. Hackers stole account information from one million T-Mobile prepaid plan customers. The last incident was in 2020 when attackers breached employee email accounts and stole customer financial data.
What does it mean when your data has been breached?
When your data is breached it means that your personal information was seen or stolen by people – usually hackers – who should not have any access to your private personal details. Sensitive breached data includes name, addresses, email address, birth date, Social Security number, driver’s license numbers, photos, and passports.
Sometimes a data breach means that the information was publicly available although it may or may not have been accessed by a criminal.
However, a data breach often means that cybercriminals accessed and make copies of your highly sensitive personal details including bank accounts and credit card numbers.
Cybercriminals use this stolen personal information to open credit cards, car loans, and mortgages using the victim’s identity. They may also sell it to other hackers who call and spam you.
What To Do If Your Data Was Breached
First, figure out if you’re affected by the T-Mobile data breach. You may receive an email or even a snail mail letter via USPS postal mail notifying you that you are affected. However, if you feel you could be one of the impacted victims, take immediate action to protect your personal information and your money.
Don’t wait for the breached company to notify you. I was a victim of the Starwood Hotel / Marriott data breach. It took months for Marriott to notify me. They sent an email that I could have easily missed. An email notification could easily be caught in your spam filter and you may never see it.
“Once we have a more complete and verified understanding of what occurred, we will proactively communicate with our customers and other stakeholders,” says T-Mobile in the data breach announcement.
This means those who are impacted may not know about this for months. This is plenty of time for hackers to use and resell your information to other criminals.
Change your password on any account or device that is connected to this data breach. It takes months to investigate any cybercrime. It’s very common to find out that more people were impacted than originally thought or that more accounts or devices were breached.
If you are a T-Mobile customer, change your password on your online account. Change the passwords for any app you have installed on your phone.
The average person has over 200 online accounts including loyalty programs, rewards shopping accounts, and travel apps. It’s hard to remember a unique and hard-to-guess password for each one of these accounts. Use a password manager app, such as Keeper, to create and store strong passwords for you.
Keep checking your credit cards and bank cards for any suspicious charges or missing money. If you see any fraudulent transactions inform your bank immediately.
You may want to order a credit monitoring service to help keep an eye on all your bank accounts, lines of credit, and payment cards.
T-Mobile has said the company is confident the vulnerability used by the attackers is patched.
