T-Mobile Security Data Breach
On August 17th T-Mobile learned their systems were breached. The cyber incident included personal information such as names, driver’s licenses, governmental identification numbers, Social Security number, dates of birth, T-Mobile pre-paid PINs (which have been reset) and addresses and phone numbers. T-Mobile says they have no indication that personal financial information or payment information, credit or debit card information, account numbers, or account passwords were accessed. Read more below for information about the breach. For more information on how to protect yourself if you were a client of T-Mobile, visit their website.
Data Breach Details
According to T-Mobile, the company first realized that cybercriminals had hacked into its servers the week before the breach was revealed to the public. During this time, the cybercriminals gained access to a range of company data—including existing, prior and potential customers’ personal information. That weekend (Aug. 14-15), the cybercriminals began trying to sell this information online for over $250,000 in bitcoin.
While the cybercriminals initially claimed to have exploited nearly 100 million individuals’ personal information, T-Mobile confirmed that the actual number is closer to 48 million—which still represents a significant chunk of the company’s customer base. Breaking down this number, T-Mobile explained that the breach ultimately compromised sensitive account information from approximately 7.8 million current customers and 40 million past or prospective customers. This information includes:
- First and last names
- Dates of birth
- Social Security numbers
- Driver’s license information
In addition, T-Mobile shared that 850,000 customers who were enrolled in prepaid services also had their phone numbers and account PINs exposed. Fortunately, the company asserted that no individuals’ financial records or payment information were compromised.
How T-Mobile Is Responding to the Breach
T-Mobile is currently working with the proper authorities to conduct a full forensic investigation of the incident. The company is also in the process of notifying all individuals who had their information exposed. To support those affected by the breach, T-Mobile is:
- Providing impacted individuals with two years of identity theft protection services at no cost
- Implementing extra security measures to help customers better safeguard their T-Mobile accounts
- Encouraging all existing customers to proactively update their T-Mobile account passwords and PINs
- Developing a new page on its website detailing the company’s response to the breach and additional actions individuals can take to protect themselves
For Extra Protection
To further mitigate their risks of experiencing identity theft or other forms of fraud from this breach, impacted individuals should put a temporary freeze on their credit files by contacting each of the following three major credit bureaus:
- Equifax (800-685-1111)
- Experian (888-397-3742)
- TransUnion (888-909-8872)
Cyber security is very important for your business.
Take steps to understand how to better protect your company, employees and your clients. Reach out to your Valent Group producer or account manager to ask about cyber security.
Visit our Cyber Center to learn more about Cyber Liability.
Information abstracted from Zywave’s “Cyber Update – T-Mobile Data Breach” article.
This blog and its contents are not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel for legal advice.