Identity Theft Concerns Rise As 48.6 Million T-Mobile Customers Data Exposed in Breach

Identity theft concerns are being raised among T-Mobile Customers as the telecommunications company disclosed they suffered a colossal data breach in which 48.6 Million individuals had information exposed by hackers. The attacks breached T-Mobile servers and stole files containing the personal information of tens of millions of customers.

The breach impacts 7.8 million T-Mobile postpaid customers, 850,000 T-Mobile prepaid users, and approximately 40 million former or prospective ones. In total, the attackers stole records of 48.6 million individuals.

“Importantly, no phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of these files of customers or prospective customers,” T-Mobile said in a press release.

“Some of the data accessed did include customers’ first and last names, date of birth, SSN, and driver’s license/ID information for a subset of current and former postpay customers and prospective T-Mobile customers.”

While the company has put importance on phone numbers not being exposed, the success of identity theft hangs on information like SSNs, dates of birth, and driver’s license/ID information – All items that were exposed in the attack and are likely already for sale on the Dark Web.
to current or prospective T-Mobile customers.

“At this time, we have also been able to confirm approximately 850,000 active T-Mobile prepaid customer names, phone numbers, and account PINs were also exposed. We have also confirmed that there was some additional information from inactive prepaid accounts accessed through prepaid billing files.” the carrier added.

T-Mobile has reset all PINs for affected accounts to prevent takeover attempts and is currently notifying these users.

The company has issued a list of steps in its press report to protect individuals who may experience identity theft.

• “Immediately offering 2 years of free identity protection services with McAfee’s ID Theft Protection Service.
• Recommending all T-Mobile postpaid customers proactively change their PIN by going online into their T-Mobile account or calling Customer Care team by dialing 611 on your phone. This precaution is despite the fact that we have no knowledge that any postpaid account PINs were compromised.
• Offering an extra step to protect your mobile account with our Account Takeover Protection capabilities for postpaid customers, which makes it harder for customer accounts to be fraudulently ported out and stolen.
• Publishing a unique web page later on Wednesday for one stop information and solutions to help customers take steps to further protect themselves.”

T-Mobile confirmed the claims of the hacker selling the database containing information. Not only can hackers use the details for traditional identity theft, they can also use stolen data or SIM swapping attacks, allowing them to take over other online accounts belonging to the victims.

It is advised that T-Mobile customers should be on the lookout for suspicious emails, calls, or texts from entities pretending to be the telecommunications company.

This is the sixth major data breach suffered by T-Mobile in just four years, the others being:

• In 2018, info belonging to millions of T-Mobile customers was accessed by hackers.
• In 2019, T-Mobile exposed prepaid customers’ data.
• In March 2020, hackers gained access to T-Mobile employees’ email accounts.
• In December 2020, hackers accessed exposed customer proprietary network information (phone numbers, call records).
• In February 2021, threat actors targeted up to 400 customers in SIM swap attacks after gaining access to an internal T-Mobile application.

The Dangers of Identity Theft

 

Identity Theft can be absolutely devastating for an individual. Usually, in the world of malware, we know certain things can be harmed. Our devices may need to be replaced, we may lose access to accounts for a few days or even forever, we may even need to pay a ransom for access to our data. The point is, with most types of Malware, we can eventually rebuild, though it may take longer than we anticipate. The fallout from identity theft is much longer.

Once your stolen information is used once, it can take anywhere from a few days to six months for that one incident. But your information is out there for a very, very long time. This means you could end up dealing with identity theft for many years, even decades.

Identity Theft has been around for a very long time and predates our modern technology by thousands of years. There have always been individuals that try to impersonate others for their own gain, financial or otherwise. However, the internet’s birth and wide adoption have led to new attack vectors, dwarfing any possible past attempts.

Now more than ever do we have data tied into our personal identity. Email addresses, banking numbers, phone numbers, social security numbers, home addresses – All of these and more form a picture of us as lines in a database.

And when this information falls into the wrong hands, it can do a lot of damage. Bank accounts can be drained, and your credit rating can get rattled; you can end up with medical bills or even a criminal record. The list of potential mishaps that can arise from identity theft is endless.

To hackers, identity theft represents a lucrative stream of income, and they can very easily cover their tracks. After they have seized personal information, they sell it on the dark web. This information can be sold over time, repeatedly, meaning that if you notice your identity has been stolen and used, it can be used in several instances over a long period of years.

There are some guidelines from the US government in discovering if you are a victim of identity theft if it is not immediately obvious:

• You stop receiving your regular bills and credit card statements.
• You receive statements for accounts you never opened.
• Debt collectors start calling you day and night about debts you’ve never heard of.
• The IRS alleges you failed to report income for a company you never worked for.
• You see withdrawals/charges on your bank or credit card statement that you didn’t make.
• You try to file your taxes only to discover that someone else beat you to it.
• You try to file your taxes and find someone claimed your child as a dependent already.
• Your credit report includes lines of credit you never opened.
• Your credit score fluctuates wildly and for no apparent reason.
• The most obvious sign—you receive a notification that you’ve been the victim of a data breach.
• If you are unsure, it is always best to check with the authorities on the US government’s identity theft website.