T-Mobile data breach exposes highly sensitive information for some customers [Update]
Everything you'd need for identity theft is up for grabs
Update: Tom's Guide has learned that this incident affected about 400 T-Mobile customers. The attacker or attackers seem to have penetrated T-Mobile's systems with the goal of taking over customer accounts, but the intrusion is said to be over and affected customers have been notified.
T-Mobile appears to have suffered yet another data breach, which would make it the company's third data breach in less than a year.
Unlike the previous set of T-Mobile account compromises, disclosed in late December, this is more serious because it involves "your full name, address, account number, Social Security number, customer account personal information number (PIN), account security questions and answers [and] date of birth."
- This hidden T-Mobile feature could keep your number from being stolen
- These are the best identity theft protection services
- Plus: How to watch the Golden Globes 2021 online
That's according to a boilerplate letter being sent out to T-Mobile customers whose accounts were compromised, a copy of which was obtained by Bleeping Computer.
An unknown attacker apparently "used this information to port your line to a different carrier without your authorization," the letter, dated Feb. 9, adds. "T-Mobile identified this activity, terminated the unauthorized access and implemented measures to protect against reoccurence."
"Ported" or "SIM-swapped" numbers are serious enough, as they can be leveraged to hijack other accounts or steal cryptocurrency. But you could do a lot more than steal a phone number with the information exposed in these apparent account compromises.
In many cases, all you need to do to fully steal someone else's identity is their full name, date of birth, Social Security number and current street address. All those are part of the compromised T-Mobile data this time around.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
Data breach, or individual account takeovers?
For the moment, there's no information on how many T-Mobile customers might be affected. Nor do we know whether the compromised accounts were the result of a mass data breach (as happened last March) or instead a series of individual account takeovers such as might result from weak or reused passwords.
Tom's Guide has reached out to T-Mobile seeking answers to these questions, and we will update this story when we receive a reply.
T-Mobile customers who receive the letters pertaining to this most recent incident or series of incidents will be entitled to two years of free credit monitoring and identity-theft protection provided by TransUnion. They are also being asked to change their account PINs and their account security questions and answers.
Tom's Guide strongly encourages affected T-Mobile customers to take up the company on its offers of assistance and to follow its advice in securing your account.
Worried customers can call T-Mobile by dialing 611 from their T-Mobile phones or 1-800-937-8997 from any phone.
Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.
-
sjhollandsh
And to make matters worse, in order to opt out of their personified ad sharing to 3rd parties as required by California, they want a copy of your id(with a selfie to compare), verify phone number,etc. In other words they don't want you to opt out IMO. If I can log in and pay my bill, that's not good enough to opt out? Thanksadmin said:T-Mobile may have suffered a serious data breach, judging from a letter it recently sent to an unknown number of affected customers.
Possible T-Mobile data breach exposes highly sensitive personal information : Read more -
Dobriy Her Hackers playing with NSA installed backdoors.Reply
Happens all the time, normally they will blame it on Russian hackers.