T-Mobile has confirmed over the last week that the company was subject to a major data breach which exposed personal information for at least 50,000,000 people. This information included first and last names as well as birth dates and Social Security numbers. It also includes driver’s licence information. This is the most dire scenario. We only found this out because the company replied to Vice’s Motherboard’s report. __S.4__
This information is mostly owned by individuals who have applied to T-Mobile for an account and gave the information in order to conduct a credit check. Even customers who have never tried opening an account with T-Mobile are at risk.
Unfortunately, the company has not responded to my concerns. T-Mobile customers are one example. I have not received a single notification from them about this breach. Is that a guarantee my data is secure? It is difficult to say.
T-Mobile has been in touch with news media and stated that it was not able to access financial or debit card data. It’s not reassuring to know that someone could have all the information necessary for opening a credit card under your name.
Even worse, this gives SIM-swapping hackers a huge gift. SIM-swapping is where someone convinces a carrier they’re someone else and has their phone number changed to them.
That may seem like a strange hack until you realize that most of the things we’d rather keep a hacker out of are protected with two-factor authentication (2FA), which, in most cases, involves sending a text message to your mobile phone. This means that hackers can access your phone number and many of your online banking information.
This is all very bad. But let’s get back to what T-Mobile hasn’t done to inform customers. If you have put personal data of over 50 million individuals at risk, then your first task is to protect them.
T-Mobile did publish a blog post with information for affected customers, but has not–as far as I can find–reached out to customers directly aside from a text message that said:
T-Mobile determined that there has been an unauthorized access to your personal information or other account data, such as your name, address and phone number. We do not have any information about your SSN, financial information or personal payment details, nor account numbers or passwords. Our customers’ security is important to us. Find out more about how to keep your account safe and what you can do to protect yourself at t-mo.co/Protect
This message is a huge understatement of the truth. It doesn’t matter if you don’t know if a customer’s SSN was compromised. In this instance, it is probably best to assume that it was. T-Mobile customers may not have received the text message notification. This makes it difficult to know if they are affected.
T-Mobile’s reaction makes it seem almost impossible. It actually looks worse than the hacker who stole the data. Hackers who steal data from companies are criminals. They know this, and they are expected to do terrible things.
We expect companies to respect our data and to keep it safe. This is not unreasonable. It is also reasonable to expect that companies will be open and honest about any data theft. You should tell us what to do if you are unable to secure our data.
T-Mobile’s blog entry says it all. T-Mobile’s blog post explains, for example that they are “relentlessly focused upon taking care of customers–that is not changed.” “We have been working round the clock to resolve this issue and protect you. This includes immediate measures to safeguard all persons who might be in danger.
Communication is important if your focus is on customer care. This is true for all customers, but it’s especially important when personal data of your customers are at risk.
Take care of yourself
To protect your privacy, log in to your T Mobile account. Change your password. T-Mobile users can access their accounts using their phones numbers even if passwords and user names aren’t compromised. You should be worried if a hacker gets your number. I have already discussed why this is bad news.
Next, place a freeze in your credit report. You can place a freeze on all three major credit bureaus. This will prevent anyone from opening credit under your name. T-Mobile claims it will give its customers two years identity protection through McAfee. This serves the same purpose.
T-Mobile offers an account takeover protection service, which you can free add to your existing account. This prevents anyone from using your number without you consent.
These steps don’t seem to be too difficult, which is the good news. T-Mobile should have proactively reached out to its customers with this information. It is hard to believe. If you don’t communicate well, it sends a message to your customers that you aren’t caring about them. This is the worst thing that you can do.
Publiated at Sun 22 August 2021, 08:22.29 +0000