T-Mobile, a self-proclaimed leader in 5G, is a CyberHoot worst of the worst for cybersecurity breaches. While preparing this article on the latest 54 million subscriber breach, we found no less than 4 other breaches over the last seven years. In 2015, 15 million social security numbers and addresses of subscribers were stolen. In 2018, 2 million subscribers had personal information compromised. In 2019 they had exposed 1 million subscriber’s personal information. Lastly, in 2020, they had a breach that compromised 200,000 subscribers. Now we find out everything they ever collected was stolen. They clearly are not learning from their mistakes. The 2021 breach includes current, former, and prospective T-Mobile customers; including customers of Metro by T-Mobile. That means almost anyone who’s given their information to T-Mobile could be affected.
What Was Stolen?
While we don’t yet know how this breach occurred, we do know what was stolen. The latest breach includes subscriber’s full names, driver’s license numbers, Social Security Numbers (SSN), and phone identification (IMEI and IMSI) numbers. T-Mobile discovered this exploit when hackers started selling T-Mobile customers’ user data on a dark web forum. The hackers claimed to have over 100 million users’ private data when they spoke to Vice. In response, T-Mobile began an investigation and closed the vulnerability quickly. T-Mobile subsequently confirmed that a breach of over 50 million users’ data had taken place.
The data hackers stole can cause serious harm in the real world. SSNs are a key component in identity theft, and when accompanied by a driver’s license, could be used to apply for everything from loans to credit cards. IMEI and IMSI numbers are valuable for stealing phone numbers or porting phone numbers in the pursuit of bypassing two-factor authentication (2FA). If you’re a current or former customer of T-Mobile, there is a chance hackers have your information. Hackers also accessed the account PINs of 7.8 Million current customers. These pins are used to enter an account, which leads to the ability to change and access personal details. Hackers who have these PINs could potentially gain access to your mobile number for spoofing or 2FA bypass attacks.
If I’m Affected, What Should I Do?
If you are a current, former, or were a prospective customer for T-Mobile at some point, it’s important you take action to ensure you don’t fall victim to identity theft. Follow these steps below to help improve your overall security.
Change Account PIN
If you’re a victim of the T-Mobile Data Breach, the first thing you should do is changing your account PIN. You should do this even if you’re not a current customer. Although it’s not believed that hackers compromised older PINs, it is better to take precautions. Log into your T-Mobile account, and follow the instruction on their support page to change your PIN.
McAfee Identity Protection
Visit T-Mobile’s page set up for victims of the breach. The company is offering two years of free McAfee identity protection to help mitigate some of the damage done by the breach. If you were affected, follow the links on the page to claim your free two-year protection plan. CyberHoot hasn’t evaluated this identity protection to determine its effectiveness. We recommend that you purchase independent ID Theft protection as an insurance rider on your existing policies and make sure you have legal support. This includes lawyers going to court to prove your identity and recover it rather than you having to leave work and take these actions.
Contact U.S. Government
If a hacker has already used your SSN to steal your identity, several options are open to you. The United States government will sometimes replace an SSN if you can prove the ID theft badly damages you. You can find more information at the SSA website.
File Tax Returns as Early as Possible
Hackers can submit your tax return to the IRS with the information stolen. Therefore, beat them to the punchline by filing your taxes as early in 2022 as possible.
Freeze Your Credit Records (don’t bother monitoring)
Follow this Identity Theft article advice to freeze your credit and prevent any new loans against your name from being taken out.
Additional Recommendations
If you weren’t affected by this breach but still would like to understand what should be done moving forward, follow these recommendations as best practices regarding personal data and cybersecurity.
Delete Old Data
Most companies offer a service to completely remove all data about a customer once you leave their service. Once you’re done using a service, such as T-Mobile, you should request that all your data be removed from their servers. This prevents your data from being forgotten about and eventually becoming caught up in a data breach like this.
Limit the Data You Give Out
In some cases, giving out your data is unavoidable. For example, companies use important information, such as your SSN, to perform credit checks and other vital services. However, if providing a company with information is optional, you should always opt-out of giving sensitive information if you can.
CyberHoot’s Cybersecurity Best Practices
In addition to performing the previous actions, CyberHoot recommends the following best practices to protect individuals and businesses against, and limit damages from, online cyber attacks:
- Adopt a password manager for better personal/work password hygiene
- Require two-factor authentication on any SaaS solution or critical accounts
- Require 14+ character Passwords in your Governance Policies
- Train employees to spot and avoid email-based phishing attacks
- Check that employees can spot and avoid phishing emails by testing them
- Adopt a patch management solution
- Backup data using the 3-2-1 method
- Incorporate the Principle of Least Privilege
- Perform a risk assessment every two to three years