Hackers once again broke into T-Mobile’s system, reporting their fourth data breach since early 2020. The survey contained sensitive personal information related to approximately 48 million people, most of whom were former or future customers. Self-proclaimed “non-carrier”.
Here’s a breakdown of what happened, the risks you may face, and how you can protect yourself from them.
What kind of information did you get?
According to the company, the stolen data included name, date of birth, social security number, driver’s license information, and more. In most cases, the company said, “No phone numbers, account numbers, (personal identification numbers), passwords, or financial information have been leaked.” However, T-Mobile revealed that about 850,000 customers with prepaid accounts had disclosed their names, phone numbers, and account PINs.
According to security researcher Brian Krebs, hackers started selling data last weekend and predicted that everything would be online soon.
The number of people that can be affected is huge, but according to T-Mobile’s number, it’s less than half of the company’s current 105 million customers. T-Mobile has announced that it will notify customers whose data has been published and that security company McAfee will provide a two-year personal information theft prevention service free of charge.
What are the risks?
Over the years, so many companies have had so many data breaches, and some security experts say that much of the information published by T-Mobile is probably already available on the dark web. Is called. But that doesn’t mean you should just shrug what happened. Krebs warned that people whose data was disclosed are at increased risk of identity theft, phishing scams, and other forms of scams.
Social Security numbers are widely used by federal governments, banks, investment companies, government benefits programs, and insurance companies to verify their identities. The stolen SSN can be used for fraudulent credit card account opening, profit diversion or fraudulent collection, and workplace fraud, among other forms of fraud. Entering your name, date of birth, and driver’s license number makes it much easier for someone to pretend to be you.
Identity thieves can use that information to target both you and the banks, insurance companies, and other companies with which you do business. For example, you can use it to make phishing emails look more realistic and persuade them to give up additional sensitive information such as passwords and PINs. Alternatively, you can use it to trick your bank into changing your account password so that you can access your money.
For those whose phone numbers are also publicly available, there is at least one other possibility of malicious intent. It’s a SIM swap attack. There, someone persuades your mobile operator to transfer your number to another device and uses that device to try to break into the account you associated with your phone number. It is becoming more and more common to use mobile numbers as a way to verify your identity, such as when logging in to your online banking account or resetting your password. However, its convenience can backfire if your number is hijacked and used to impersonate you online.
How do you protect yourself?
The best way is to freeze your credit file. This will prevent anyone from opening a new account. It’s free to place the freeze and lift it to suit your needs. However, you will need to contact each of the three major credit bureaus individually. This can be done online. Krebs also proposes to freeze credit files maintained by a few small specialized institutions. You should also check your credit score on a regular basis. This is a good way to detect fraud after it has occurred.
Credit and identity monitoring services, which usually charge a monthly fee, can also help reveal the job of an identity thief. They provide tools to prevent you from phishing and other forms of hacking and combine it with a scanning service that looks for your social security number or email address in an online location to which it does not belong.
Meanwhile, T-Mobile has launched a website that suggests more steps people can take to prevent fraud. Anyone with a smartphone would be wise to take them:
- Create a PIN for your mobile account to further enhance your security against unauthorized changes to your account, such as malicious SIM swaps. If you are using T-Mobile and have a PIN, please set a new PIN.
- Activate T-Mobile’s “Account Takeover Protection” feature. This adds an additional protective layer above the PIN. Verizon goes a step further and automatically blocks SIM swaps by shutting down both new and existing devices until the account owner weighs them against existing devices.
- Change the password you use to access your mobile account online. Changing your password regularly is a good practice for all accounts. Also, if you’re having trouble remembering dozens of passwords, try a password manager app that can track them.
On the plus side, two-factor authentication is becoming the online standard, which improves the security of the entire web. However, too many sites recommend that the second element be the text of the phone number. This encourages SIM swap scams. Whenever possible, use the authentication app instead.