T-Mobile Data Breach

The T-Mobile Data Breach Is Much Worse Than It Had to Be

The vast majority of victims weren’t even T-Mobile customers. Now their information is for sale on the dark web.

T-Mobile shared details about the data breach it confirmed Monday afternoon. They’re not great. Assorted data from more than 48 million people was compromised, and while that’s less than the 100 million that the hacker had initially advertised, the vast majority of those affected turn out not to be current T-Mobile customers at all.

Instead, T-Mobile says that of the people whose data was compromised, more than 40 million are former or prospective customers who had applied for credit with the carrier. Another 7.8 million are current “postpaid” customers, which just means T-Mobile customers who get billed at the end of each month. Those roughly 48 million users had their full names, dates of birth, social security numbers, and driver’s license information stolen. An additional 850,000 prepaid customers—who fund their accounts in advance—had their names, phone numbers, and PINs exposed. The investigation is ongoing, which means that the tally may not stop there.

“Generally speaking, it’s still the Wild West in the United States when it comes to the types of information companies can keep about us,” says Amy Keller, a partner at the law firm DiCello Levitt Gutzler who led the class action lawsuit against Equifax after the credit bureau’s 2017 breach. “I’m surprised and I’m also not surprised. I guess you could say I’m frustrated.”

Freeze your credit

Some of the deeply personal data made available through this data breach could be a gold mine for attackers who want to make use of your credit. That’s why personal finance and identity theft expert Adam Levin says affected customers should freeze their credit reports. You’ll have to contact each of the three major credit bureaus — Equifax, Experian and TransUnion — with your requests, but freezing your credit is completely free, doesn’t affect your credit score and prevents anyone with your personal information (including you) from opening new lines of credit without securely “thawing” everything first.

Rethink two-factor authentication

If you’re even mildly security-conscious, you might already have two-factor authentication enabled on some of your online accounts — and that’s good thinking. Here’s the rub, though: If you’re concerned your data has been compromised as part of this breach, it might be time to rethink how you use 2FA.

Let’s say an attacker manages to obtain your name, date of birth and Social Security number — if they luck out and find your address and reused password in other data dumps, that might be enough to give them access to your T-Mobile account. If that happens, you could be vulnerable to what’s called a SIM-swap attack, in which the hacker manages to switch control of your phone number to a phone they control. That’s definitely bad, but what could make it worse is if the verification codes sent by services like Amazon, Twitter and many banks are delivered via text message. In that case, the keys to your online kingdom could be ferried straight to someone else.

Keep monitoring the situation

T-Mobile’s investigation is really only getting started. But hopefully the company’s next updates will give us all a better sense of the attack’s scope, and how best to respond.

With any luck, T-Mobile will also get around to answering some lingering questions. Here’s one that still hasn’t been answered: The first Motherboard story that highlighted the breach noted that the hacker(s) had obtainedIMEI numbers — long strings of digits unique to each phone sold — in addition to the rest of the personal information we’ve discussed so far. Meanwhile, T-Mobile’s statements don’t mention them at all. So were they leaked or not? This matters quite a bit, because IMEI numbers can be blacklisted if the device they’re attached to is reported stolen. Theoretically, that means an attacker might be able to at least temporarily prevent you from using your phone by using other leaked information to access your account and reporting your IMEI as lost.

Snootie Wild died of injuries he sustained from a shooting

Florida Woman Falls to Her Death After Draw Bridge Opens Beneath Her

Care worker Phillip Carey jailed for life after he was caught raping a 99-year-old dementia patient

Teen fatally shot in parked vehicle in Brooklyn

LEGENDARY soul singer Syl Johnson dead at 85

------------->We pay for your stories! Do you have a story for Memon News team? Email us at contact@mariamemon.com------------> mariamemon.com Is the most visited news, Trending Topics and current affairs website. All rights reserved to Maria Memon Media Group for all content published on this website.