Over the past few years, data breaches have become a more commonplace occurrence across the technology world. If you're T-Mobile USA, it seems that you're a constant target for these attacks, with several over the past few years affecting the company. This week, it was revealed that yet another breach had hit the wireless carrier.
This information originally came in the form of a post on a dark web message board, offering the accessed data for sale. Several publications were able to confirm that the data appeared complete and accurate. The original poster had claimed that they had the information of around 100 million T-Mobile (and Sprint) customers and prospective customers. The information, as described by the poster, included essential, identifiable information, including names, addresses, date of birth, phone numbers, credit card numbers, and social security numbers.
Clearly, if this information was leaked, an unimaginable amount of damage could be done to customers. That content is enough for a nefarious actor to take out credit in your name. This reveal panicked a lot of customers who feared that their identity might be in jeopardy. But, with no official response from T-Mobile for an uncomfortable amount of time, the fear naturally grew.
After a short while of speculation, T-Mobile responded to the breach, confirming that data had been accessed without authorization. In our offices, two of the three T-Mobile and Sprint customers received text messages about the issue, with each receiving different texts. The third member did not receive a text at all, suggesting that this is not full system access, or the company is not sure exactly what was accessed.
That theory was confirmed by the company, which said that it was aware of the issue, but that the details of what might have been accessed were still unknown. They also said that they believed that the number of customer data records retrieved reported by the seller was more than double what they believed to be accurate. Currently, the company believes that around 47 million customer records were accessed. T-Mobile has also promised to help affected customers.
As part of the commitment to protecting customers, T-Mobile has set up protection services for customers. Among these protective services are the company's Scam Shield, which protects you from nonsense phone calls, Account Takeover Protection, which prevents unauthorized access to your T-Mobile account, and, most importantly, two free years of McAfee ID Theft Protection Service. According to T-Mobile, this service will provide "dark web and credit monitoring, full-service ID resolution, $1 million identity insurance, lost wallet recovery, and much more."
Unlike previous breaches with other companies that have offered identity protection services, this one might just be required. As the company says the amount of data accessed varies per person, and they include the possibility of government identification and social security number, identity protection is going to be important. As we all know that no service is perfect, there are some other ways to protect your identity in the event of this or another data breach.