The third most popular mobile network in the US, T-Mobile, has suffered a data breach that affected more than two million of its customers.
According to the company’s website, on 20 August 2018, T-Mobile’s inhouse security team noticed unusual activity that was immediately “shut down.”
Data potentially compromised before the shutdown included subscribers’ names, billing zip codes, phone numbers, email addresses, account numbers and account types (e.g. pre-paid or billed).
Apparently, no social security numbers (SSNs), financial data or account passwords were accessed during the attack.
The alert doesn’t mention the number of subscribers involved but this is being reported by Motherboard as just shy of 3%, or around 2.26 million accounts.
Users caught up in the breach would be contacted with further instructions, T-Mobile said, though the company didn’t say how or when that would happen. (Motherboard quoted a spokesperson as saying that affected customers would be told by text message.) If there’s good news in this incident, it’s that the breach seems to have been noticed quickly by T-Mobile’s inhouse security team, and the company has told its customers within a matter of days.
In plenty of other breach incidents, companies have realised what happened only after they were contacted by a third-party researcher, by the attackers themselves, or, in the worst-case scenario, by customers reporting fraud attempts.
This is often weeks or months – sometimes even years – after the event, by which time a lot of damage has been done.
According to the Privacy Rights Clearinghouse, so far in 2018 (to early August) 513 disclosed data breaches covering 819 million records have been recorded. For comparison, the whole of 2017 saw 831 breaches covering just over two billion records.
T-Mobile is reaching out to affected users by text message. If you’re a T-Mobile customer and have not received a text message, then it’s probably safe to assume you haven’t been affected. However, T-Mobile is encouraging customers to reach out to it if they’re worried about the hack. Customers can do so by dialing 611 from their T-Mobile phone to contact customer service.
If you are a T-Mobile user, we recommend updating your account password and call in pin immediately. See what restrictions you can put on your account to help T-Mobile qualify the caller as the account owner or two factor authentication when accessing your online account. If you feel your personal data has been breached seek the help of an identity protection service. Please contact 7th Di to perform a complimentary Dark Web scan for personal or work related information.