T-Mobile Suffers Yet Another Data Breach

Last updated on April 19th, 2024 at 02:37 am

An AI generated image of a figure in a hoodie next to a giant phone that is shattering.
Image generated using Midjourney. Prompt: A data breach at a cell phone company, digital art style.

T-Mobile needs to reset its “days since a data breach” counter back to 0, as Bleeping Computer reports the beleaguered wireless carrier has suffered its second data breach of 2023.

What happened?

According to information submitted to the Office of the Maine Attorney General, T-Mobile was breached by hackers between February 24th and March 30th, with T-Mobile detecting the intrusion on March 27th.

Breach information
Total number of persons affected (including residents):836
Total number of Maine residents affected: 1
If the number of Maine residents exceeds 1,000, have the consumer reporting agencies been notified: No
Date(s) breach occurred: 2/24/2023-3/30/2023
Date breach discovered: 3/27/2023
Description of the breach: External system breach (hacking)
Information acquired: Name or other personal identifier in combination with; Driver's license number or non-driver identification card number.
Information about the breach was provided on the website of the Office of the Maine Attorney General. Source: Data Breach Notifications Page

While this breach only affects 836 customers, the stolen information is highly sensitive, including names, contact information, SSNs, government IDs, DOBs and T-Mobile account PINs. Financial information associated with T-Mobile accounts was not affected, however.

The fallout

The leak of this kind of information puts T-Mobile customers at serious risk of identity theft. Identity theft occurs when fraudsters use a victim’s personal information to impersonate them, usually for financial benefit. For example, they might apply for credit in the victim’s name and leave them on the hook for the bill, or submit fraudulent tax returns to steal their refund.

An AI generated image of a green credit card with yellow splotches on it next to a yellow sign with a black skull on it.
Image generated using Midjourney. Prompt: A credit card next to a sign for radioactive waste, digital art style.

The stolen information also puts affected customers at risk of targeted phishing attacks. In a phishing attack, a criminal contacts a potential victim while pretending to be a legitimate company. The criminal will then attempt to trick the victim into revealing sensitive information, such as passwords or credit card information.

T-Mobile notes it has reset account PINs that may have been compromised and is offering the 836 affected customers two years of free identity theft protection via TransUnion’s myTrueIdentity.

Credit freezes

Identity theft protection services don’t prevent criminals from stealing someone’s identity, however. Instead, they alert the potential victim when someone applies for credit in their name and provide support if identity theft occurs.

Because of this, customers who have had their data stolen may want to consider freezing their credit. A credit freeze is free and prevents credit reporting agencies from sharing a person’s credit report with potential lenders. This means most, if not all, applications a criminal makes for credit in that person’s name will be denied, even if the criminal has all of their correct information, because the lender cannot see their credit history.

An AI generated image of a blue credit card encased in ice.
Image generated using Midjourney. Prompt: A frozen credit card.

It’s worth bearing in mind a freeze will prevent even legitimate applications from being approved. However, a freeze can be temporarily “thawed” to allow the reporting agencies to share a person’s credit report with their lender.

Freezes must be set up separately with each individual credit reporting agency. As NerdWallet explains, Experian, Equifax and TransUnion are the most important bureaus to set up a freeze with, but reports from Innovis and National Consumer Telecom & Utilities Exchange are good to freeze, too.

The takeaway

While it’s easy to get data-breach fatigue, the sensitive nature of the data stolen in this attack means those affected are attractive targets for phishing scammers and identity thieves. So if your data was stolen, be extra suspicious about messages you receive via text and email and consider freezing your credit.

Leave a Comment

Your email address will not be published. Required fields are marked *