On August 16, T-Mobile confirmed that it was the victim of a major data breach. Days later the company updated its report to say that the personal data from around 54 million customers had been hacked and stolen.
The stolen data, which came from the wireless provider’s databases of current, former, and prospective customers, included Social Security numbers, consumer names, addresses, dates of birth, driver’s licenses, and other identification information. T-Mobile said there’s no indication any consumer financial data, such as credit card or other payment information, was compromised.
On August 26, The Wall Street Journal published an interview with a 21-year-old American named John Binns who claimed responsibility for the hack.
Binns, who moved to Turkey a few years ago, called T-Mobile’s security “awful” and said he’d committed the hack in part to get attention. He didn’t reveal whether or not he was paid to carry out the hack or if he’d sold any of the data that was stolen. The FBI is investigating.
The breach is one of at least four similar incidents that has hit the company since 2015.
In a statement, T-Mobile said it is investigating the breach and has taken the necessary actions to close the vulnerabilities that were exploited. It now says that it is confident customer data has been secured. T-Mobile says it’s contacted nearly all affected customers. It’s also in the process of attempting to reach all the affected former and prospective customers. To those affected, T-Mobile is offering free access to McAfee’s ID Theft Protection Service for two years and advanced spam-blocking. The company has also reset PIN numbers for all prepaid customers after the exposure of 850,000 accounts.
If you think your data may have been compromised in this breach, experts recommend:
1. Take advantage of T-Mobile’s offers of identity theft and account takeover protection services.
2. Take actions to freeze your credit. Freezing your credit can prevent someone from opening a new financial account or taking out a loan in your name.
3. Update your passwords. Make sure you’re using strong passwords and two-factor authentication on all of your accounts.