T-Mobile needs to reset its “days since a data breach” counter back to 0, as Bleeping Computer reports the beleaguered wireless carrier has suffered its second data breach of 2023.
According to information submitted to the Office of the Maine Attorney General, T-Mobile was breached by hackers between February 24th and March 30th, with T-Mobile detecting the intrusion on March 27th.
While this breach only affects 836 customers, the stolen information is highly sensitive, including names, contact information, SSNs, government IDs, DOBs and T-Mobile account PINs. Financial information associated with T-Mobile accounts was not affected, however.
The leak of this kind of information puts T-Mobile customers at serious risk of identity theft. Identity theft occurs when fraudsters use a victim’s personal information to impersonate them, usually for financial benefit. For example, they might apply for credit in the victim’s name and leave them on the hook for the bill, or submit fraudulent tax returns to steal their refund.
The stolen information also puts affected customers at risk of targeted phishing attacks. In a phishing attack, a criminal contacts a potential victim while pretending to be a legitimate company. The criminal will then attempt to trick the victim into revealing sensitive information, such as passwords or credit card information.
T-Mobile notes it has reset account PINs that may have been compromised and is offering the 836 affected customers two years of free identity theft protection via TransUnion’s myTrueIdentity.
Identity theft protection services don’t prevent criminals from stealing someone’s identity, however. Instead, they alert the potential victim when someone applies for credit in their name and provide support if identity theft occurs.
Because of this, customers who have had their data stolen may want to consider freezing their credit. A credit freeze is free and prevents credit reporting agencies from sharing a person’s credit report with potential lenders. This means most, if not all, applications a criminal makes for credit in that person’s name will be denied, even if the criminal has all of their correct information, because the lender cannot see their credit history.
It’s worth bearing in mind that a freeze will prevent even legitimate applications from being approved. However, a freeze can be temporarily “thawed” to allow the reporting agencies to share a person’s credit report with their lender.
Freezes must be set up separately with each individual credit reporting agency. As NerdWallet explains, Experian, Equifax and TransUnion are the most important bureaus to set up a freeze with, but reports from Innovis and the National Consumer Telecom & Utilities Exchange are good to freeze, too.
While it’s easy to get data-breach fatigue, the sensitive nature of the data stolen in this attack means those affected are attractive targets for phishing scammers and identity thieves. So if your data was stolen, be extra suspicious about messages you receive via text and email and consider freezing your credit.