has spoken out about the August hack. The breach includes names, driver’s license numbers, Social Security numbers and device identification (IMEI and IMSI) numbers for subscribers, former customers and even prospective customers who may have been interested in T-Mobile service. Metro by T-Mobile may be impacted, too.
John Brinns, the 21-year-old who claims responsibility for the hack, detailed the breach that affected over 54 million people, in an interview with The Wall Street Journal. Brinns shared that the key to the cyberattack was one of T-Mobile’s unprotected routers and weak spots in the company’s internet addresses that apparently gave him access to over 100 servers. He was able to access the data on Aug. 4; T-Mobile reported the attack on Aug. 16.
Get the CNET Mobile newsletter
Find the best phones, apps and accessories with our CNET Mobile newsletter. Delivered Tuesdays and Thursdays.
Since the attack, the wireless carrier is now offering free identity theft protection, advanced spam-blocking and access to its Account Takeover Protection service to protect postpaid customers from their phone numbers being stolen. The company has also reset PINs for all prepaid customers after the exposure of 850,000 accounts, T-Mobile’s CEO, Mike Sievert, wrote in a blog post that there’s “no indication” that financial data like credit card or other payment information was compromised and said that “there is no ongoing risk to customer data from this breach.” Brinns, however, did not share with the Journal whether he sold the data or if he was paid to carry out the breach — which could be a bigger problem for those affected.
Americans get go-ahead for COVID boosters, T-Mobile breach…
Lock your credit with all three credit bureaus
One of the first things you should do is put a freeze on your credit. Doing so will prevent anyone with your information from opening a line of credit, or taking out any loans under your name. Freezing your credit won’t take long: You’ll just need to fill out a form with Equifax, Experian and Transunion (one from each company) to make the request.
The downside to freezing your credit is that when you want to make certain purchases, such as upgrading your iPhone, you’ll need to go through the process of briefly removing your credit freeze — and then refreezing once you’re done.
Yes, it’s inconvenient. But the extra time you take to freeze, unfreeze and then refreeze your credit is worth it and pales in comparison to the time you’d spend trying to reverse the damage done by someone opening a credit card or line of credit in your name.
Use a credit monitoring service
Staying on top of what’s on your credit report is an easy way to make sure someone isn’t using your information nefariously. Some companies offer free credit monitoring to victims of a data breach, but oftentimes that’s only temporary. For example, T-Mobile is offering two years of McAfee’s ID Theft Protection Service for free to those affected by the latest breach. Take advantage of offers like this if your data is included in a breach, but once the limited-time offer expires, be ready to sign up for another service.
There are several credit monitoring services that help you watch your credit report and using one could mean you will receive an alert and hopefully catch false accounts as soon as they happen.
Sign up for identity-theft monitoring
Monitoring your credit report is an important step to take; however, there’s so much more that can be done with your personal information. In addition to keeping an eye on your Social Security number and credit, an identity-monitoring service will monitor the dark web for anyone selling or trading your personal information or arrests under your name. It should give you peace of mind if someone tries to do anything with your personal information.
Store your logins with a password manager
Using a unique and strong password for every online account you own is an easy way to make sure a breach of one service doesn’t lead to bad guys accessing more of your online accounts where you used the same password.
Instead of reusing a password — or a series of passwords — rely on a password manager to create, store and autofill your login information. T-Mobile is also sharing best practices to reset PINs and passwords with customers to help protect their data and logins.
Don’t wait to protect your personal data
The most important aspect of taking action after a hack or breach is announced is to not wait for the affected companies to announce how they want you to handle it. Be proactive. At the end of the day, it’s your information and your financial future that’s at stake.
After locking down your credit and starting monitoring services, begin to look at suggestions from the affected companies.