This Week's InfoSec Newsletter - Aug. 20

Aug 20, 2021 2:02:00 PM | Weekly Report This Week's InfoSec Newsletter - Aug. 20

America's second-largest wireless carrier announced a major data breach that exposed the personal information of nearly 50 million current, former, and potential customers.

Earlier this week, T-Mobile (NASDAQ:TMUS), America's second-largest wireless carrier, announced a major data breach that exposed the personal information of nearly 50 million current, former, and potential customers.

The information includes full names, date of birth, Social Security, and driver's license numbers. For a sense of scale, T-Mobile's total customer base was most recently reported as 104 million, making this breach impact roughly half of its users.

 

Many different groupings of individuals were impacted. There were those who had applied for credit with the carrier (40 million), those who had already paid for services (7.8 million), and those who were on prepaid plans (850,000). Each of those groups suffered greatly, though the prepaid customers suffered the greatest loss, with phone numbers and account PINs being exposed in addition to all the other data, enough to completely steal an account.

 

While T-Mobile continues to investigate the breach, here's what you can do to protect yourself if your data may have been exposed.

  1. The first thing you should do is put a freeze on your credit reports in order to prevent any new accounts from being opened in your name. It's free and easy. Here's how to do it.
  2. Change your T-Mobile PIN and password. You should also consider changing PINs and passwords for other services if what you used for T-Mobile was also used elsewhere. A password manager can help you manage this.
  3. Follow T-Mobile's steps on their data breach response website. All those impacted are entitled to two free years of identity monitoring via McAfee.

 

This is T-Mobile's fifth data breach in the last three years and, by far, its worst. If history is any indicator, there will certainly be a sixth. It's never too late to protect your identity online. Use strong passwords, multi-factor authentication, and change them often. You are your best line of defense.