T-Mobile is drawing attention for all of the wrong reasons after it confirmed a massive data hack that could affect up to 49 million current, former and prospective customers.
After news of the breach broke over the weekend, T-Mobile released a statement clarifying some of the details. However, with the exception of fewer individuals being affected (original speculation was up to 100 million), the news isn’t great (via Tom’s Guide).
T-Mobile located and closed the access point that was used to gain entry to its servers, which is good news, but the damage is already done.
The data in the breach includes the name, address, date of birth and SSN for some postpaid customers. That combination means anyone included in the breach is susceptible to identity theft. T-Mobile reports that the postpaid accounts in the breach did not include financial information, payment information, phone numbers, account numbers, or PINs.
T-Mobile offered a more specific breakdown of the accounts affected. It includes 7.8 million current postpaid customers along with more than 40 million former and prospective customers. So even if you merely applied for a T-Mobile postpaid account, your data may be included in this breach.
T-Mobile believes that roughly 850,000 current prepaid customers were also part of the breach, but these accounts lack much of the personal information of the postpaid accounts with just names, phone numbers, and account PINs. T-Mobile already reset all PINs for these customers, so if you fall into this category, you should have already received notice of the PIN reset.
What is T-Mobile doing about the breach?
The breach is a strike against T-Mobile, particularly considering this isn’t the first in recent years. Now the company is taking action by promising to offer updates to customers as they become available.
Here are the services being offered to those affected by the breach:
- Immediately offering 2 years of free identity protection services with McAfee’s ID Theft Protection Service.
- Recommending all T-Mobile postpaid customers proactively change their PIN by going online into their T-Mobile account or calling our Customer Care team by dialing 611 on your phone. This precaution is despite the fact that we have no knowledge that any postpaid account PINs were compromised.
- Offering an extra step to protect your mobile account with our Account Takeover Protection capabilities for postpaid customers, which makes it harder for customer accounts to be fraudulently ported out and stolen.
- Publishing a unique web page later on Wednesday for one stop information and solutions to help customers take steps to further protect themselves.