T-Mobile Data Breach: What Steps to Take Now

Date: 03/03/2022

T-Mobile suffered its second data breach since February 2021 and its third breach since December 2020. The T-Mobile data breach leaves many current, former and prospective customers wondering what happened, how it happened and what they need to do to stay safe.

What Happened?

According to T-Mobile, a bad actor compromised T-Mobile’s systems. The company says they located and closed the access point they believe was used to gain entry to their servers.

On August 17, 2021, T-Mobile confirmed that approximately 47 million people were impacted by the data breach. T-Mobile also said the data stolen from their systems included personal information like customers’ names, dates of birth, Social Security numbers (SSNs), and driver’s license/identity information for current, past, and prospective customers.

However, in an update on August 20, 2021, T-Mobile said they discovered that phone numbers, as well as the typical numbers that allow a mobile phone to be identified and join a network (the International Mobile Equipment Identity (IMEI) and International Mobile Subscriber Identity (IMSI)), were also compromised. T-Mobile identified another 5.3 million current customer accounts that had one or more associated names, addresses, dates of birth, phone numbers, and IMEIs and IMSIs illegally accessed.

The Verge reports that the Federal Communications Commission (FCC) is investigating the T-Mobile data breach that may have impacted as many as 100 million customers.

What Does It Mean to You?

Identity criminals can use information like your SSN and driver’s license to commit an array of identity crimes like false applications for loans, credit cards or bank accounts in your name. IMEIs and IMSIs could be used to track your mobile device or assist in SIM swapping attacks where someone hijacks your phone number to intercept multi-factor authentication codes or other information.

Compromised Information Being Sold on the Dark Web

According to numerous attorneys general across the country, a large subset of the information compromised in the breach was and is for sale on the dark web. Many individuals have received alerts through various identity theft protection services that their information was found online. The discovery makes it vital that everyone impacted takes the appropriate steps to protect themselves from the T-Mobile data breach.

What Can You Do to Protect Yourself from the T-Mobile Data Breach?

  • Freeze your credit. T-Mobile is offering identity protection services to impacted customers, including credit monitoring. While monitoring your credit is informative, it does not offer protection. It tells you what happened but does not stop anything from happening. A credit freeze does. Freezing your credit is free, easy and does not impact your credit.
  • Change your passwords and PINs. You want to make sure you do not use the same passwords or PINs on more than one account. The Identity Theft Resource Center (ITRC) recommends you switch to a unique passphrase (something you can remember that is at least 12 characters long). You can also use a password manager to generate and keep track of your credentials. Cybercriminals want us to reuse passwords on more than one account because it makes it easier for them to commit identity crimes.
  • Use multi-factor authentication (MFA or 2FA) on your accounts. MFA and 2FA provide an added layer of security. Also, if possible, use an authentication app rather than having a code sent by text to your phone because the text messages can be spoofed and intercepted in a SIM swapping scheme. Authentication apps are available for free from Microsoft, Google and other software providers.
  • Have a plan if your IMEI or IMSI information is used fraudulently. It’s unknown if or how the IMEI or IMSI information stolen in the T-Mobile data breach will be used. However, it is important you have a plan if it is. There is no reason to panic about your phone being disabled. However, in the unlikely event it is, plan how you will contact T-Mobile. You can do this through their website t-mobile.com, an in-person visit to a T-Mobile store or using a landline telephone.
  • FOR BUSINESSES: You can’t lose control over information you don’t have. Don’t collect more information than you need. Don’t keep sensitive information longer than you need to complete the transaction. Also, keep the data you do collect and maintain safe and secure by encrypting it. Finally, make sure you offer MFA or 2FA for your customers’ and prospects’ protection when logging into their accounts.

What Are the Next Steps to Take?

  • Closely monitor your financial accounts (credit cards, banking, utilities, etc.) for any signs of fraudulent activity.
  • Stay alert for a data breach notification, as well as any potential identity fraud due to the T-Mobile data breach. While it is easy to ignore a breach notification, there are usually important steps in the notices, like how to activate free identity protection services. In T-Mobile’s notification letter, the company offers two years of free identity protection services. The company also recommends all eligible T-Mobile customers sign up for scam blocking protection through its Scam Shield, and directs people to a customer support webpage with breach information and access to tools.
  • Be on the lookout for phishing emails exploiting the T-Mobile data breach to get you to click on a malicious link or share sensitive information.
  • Act if your driver’s license is impacted. If your driver’s license information has been compromised, contact the Department of Motor Vehicles (DMV) in your state to notify them your information may have been exposed. See if you can place an alert on your license number and check your driving record.

Contact the ITRC

While this T-Mobile data breach leaves uncertainty for many, the ITRC does not want anyone to panic. As long as you have a plan, you will be able to address any misuse of your information.

The ITRC remains available to help you. If you have questions about the T-Mobile data breach or believe you may be impacted by it, contact the ITRC toll-free by phone (888.400.5530) or live-chat on the company website (www.idtheftcenter.org). ITRC expert advisors will walk you through the steps you need to take and help you create a resolution plan.

This post was originally published on 8/20/21 and was updated on 3/3/22 
