T-Mobile’s Massive Data Breach: The Extent and Scope

On Wednesday, T-Mobile announced that it had been exposed to a massive data breach, which while less than the 100 million records, remains staggeringly large in number nonetheless.

Investigation is still ongoing, but the company confirmed that records of over 40 million former or prospective customers that had applied for credit and 7.8 million postpaid customers (who currently have a contract with T-Mobile) stolen. The problem is the type of data that has been stolen.

Data stolen included first and last names, dates of birth, social security numbers, and driver’s license/ID numbers, which are information that can be used for identity theft and to set up an account in another person’s name or to hijack an existing one. The information not stolen included “phone numbers, account numbers, PINs, or passwords,” but that hardly matters when personal data including social security numbers have been breached and stolen at this point.

T-Mobile found out about the breach on a forum post by the hacker on dark web.

The real victims of this breach includes the 850,000 prepaid T-Mobile customers whose information does include names, phone numbers, and account PINs. Affected customers have already received an updated PIN reset and will also receive a notification right away. The inactive prepaid customers’ data, have not been breached, T-Mobile has confirmed.

T-Mobile continues to promise that it takes its customers’ protection seriously, but T-Mobile has experienced some sort of data breach in 2018, 2019, 2020, and now, in 2021, including one earlier in January.

T-Mobile will offer two years of free identity protection services from McAfee and has recommended even the postpaid customers to change their PIN.

코리일보