Within the breach – hackers were also able to steal sensitive information of over 7.8 million customers. According to their statement this includes first and last names, date of birth, SSN, and driver’s license information. “We continue to have no indication that the data contained in any of the stolen files included any customer financial information, credit card information, debit or other payment information,” the press release states.
T-Mobile’s statement regarding the breach came out a few days after a post on Motherboard – an underground forum surfaced. The post claimed it had access to “a mountain of personal data” that came from T-Mobile’s servers. The sellers were asking buyers to pay 6 bitcoins – or the equivalent of $270,000 for over 30 million social security numbers and drivers license data. The seller planned to sell the additional 10 million to a private buyer.
T-Mobile announced that it had notified millions of individuals who were affected by the breach and currently recommends that customers change their pin number and passwords although according to their Notice of Breach website, they have no information that indicates any passwords, postpaid PIN numbers, or financial or payment information have been compromised. The website also recommends several other steps a customer can take to protect their identity. This includes signing up for McAfee ID Threat Protection Service, Active Scam Shield and sign up for a free Account Takeover Protection Service. Any additional questions can be directed to their Customer Care Team at 611 from your T-Mobile phone or by calling 1-800-937-8997.
If you are a customer effected by the data breach there are numerous steps that you can take to protect your data. If you have not already – freeze your credit accounts right away by calling Equifax, Experian, and TransUnion and asking that they freeze your account. By freezing your account – you’ll stop potential identity thief from opening a new line of credit in your name or accumulating additional debt.
Change your passwords to all your accounts – especially if it’s the same or similar to your T-Mobile account. It’s always a best practice to change your password every few months – and to have different passwords for different accounts. The password itself should use a combination of upper-case letters, lower case letters, numbers, and special characters.
You can also go on the website www.haveibeenpwned.com which wills how you if your accounts have been compromised. By entering your email address, it will show you which accounts have been hacked. It’s important that you change your passwords to these accounts immediately.