Club Benefits
You are now subscribed
Your newsletter sign-up was successful
Want to add more newsletters?
Daily (Mon-Sun)
Tom's Guide Daily
Sign up to get the latest updates on all of your favorite content! From cutting-edge tech news and the hottest streaming buzz to unbeatable deals on the best products and in-depth reviews, we’ve got you covered.
Weekly on Thursday
Tom's AI Guide
Be AI savvy with your weekly newsletter summing up all the biggest AI news you need to know. Plus, analysis from our AI editor and tips on how to use the latest AI tools!
Weekly on Friday
Tom's iGuide
Unlock the vast world of Apple news straight to your inbox. With coverage on everything from exciting product launches to essential software updates, this is your go-to source for the latest updates on all the best Apple content.
Weekly on Monday
Tom's Streaming Guide
Our weekly newsletter is expertly crafted to immerse you in the world of streaming. Stay updated on the latest releases and our top recommendations across your favorite streaming platforms.
Join the club
Get full access to premium articles, exclusive features and a growing list of member rewards.
Update: Tom's Guide has learned that this incident affected about 400 T-Mobile customers. The attacker or attackers seem to have penetrated T-Mobile's systems with the goal of taking over customer accounts, but the intrusion is said to be over and affected customers have been notified.
T-Mobile appears to have suffered yet another data breach, which would make it the company's third data breach in less than a year.
Unlike the previous set of T-Mobile account compromises, disclosed in late December, this is more serious because it involves "your full name, address, account number, Social Security number, customer account personal information number (PIN), account security questions and answers [and] date of birth."
- This hidden T-Mobile feature could keep your number from being stolen
- These are the best identity theft protection services
- Plus: How to watch the Golden Globes 2021 online
That's according to a boilerplate letter being sent out to T-Mobile customers whose accounts were compromised, a copy of which was obtained by Bleeping Computer.
An unknown attacker apparently "used this information to port your line to a different carrier without your authorization," the letter, dated Feb. 9, adds. "T-Mobile identified this activity, terminated the unauthorized access and implemented measures to protect against reoccurence."
"Ported" or "SIM-swapped" numbers are serious enough, as they can be leveraged to hijack other accounts or steal cryptocurrency. But you could do a lot more than steal a phone number with the information exposed in these apparent account compromises.
In many cases, all you need to do to fully steal someone else's identity is their full name, date of birth, Social Security number and current street address. All those are part of the compromised T-Mobile data this time around.
Data breach, or individual account takeovers?
For the moment, there's no information on how many T-Mobile customers might be affected. Nor do we know whether the compromised accounts were the result of a mass data breach (as happened last March) or instead a series of individual account takeovers such as might result from weak or reused passwords.
Tom's Guide has reached out to T-Mobile seeking answers to these questions, and we will update this story when we receive a reply.
T-Mobile customers who receive the letters pertaining to this most recent incident or series of incidents will be entitled to two years of free credit monitoring and identity-theft protection provided by TransUnion. They are also being asked to change their account PINs and their account security questions and answers.
Tom's Guide strongly encourages affected T-Mobile customers to take up the company on its offers of assistance and to follow its advice in securing your account.
Worried customers can call T-Mobile by dialing 611 from their T-Mobile phones or 1-800-937-8997 from any phone.
