In the era when smartphones have become indispensable in so many aspects of life, data breaches can be more devastating than ever before. The recent T-Mobile attack is a perfect example of such breaches. Here is what we know about the incident:
- The first and last names, dates of birth, Social Security numbers (SSNs), driver’s license/ID information, and IMEI and IMSI identifier numbers from approximately 7.8 million current T-Mobile postpaid accounts were compromised. An additional 5.3 million customer accounts had one or more associated names, addresses, dates of birth, phone numbers, IMEIs, and IMSIs compromised; however, their SSNs and ID information remained undefiled.
- The first and last names, dates of birth, SSNs, and driver’s license/ID information from approximately 40 million former or prospective T-Mobile customers were breached. An additional 667,000 former T-Mobile records were also breached, although the hackers did not obtain SSN or driver’s license/ID information.
- A separate set of stolen data includes phone numbers, IMEI, and IMSI numbers. However, these files are not directly associated with personally identifiable information.
- There is no indication that any compromised records contained credit card information, financial details, debit, or payment information.
- The names, phone numbers, and PINs of Approximately 850,000 active prepaid T-Mobile customers were stolen as well as similar data from inactive records. The company has changed all active PINs.
To combat the effects of this attack, T-Mobile is taking the following actions:
- Offering two years of free identity protection services to affected consumers
- Recommending that all customers sign up for scam-blocking software
- Providing tips and best practices to promote security awareness
- Making a customer support web page available that contains tips and tools
As it continues to provide optimal transparency to stakeholders, T-Mobile’s commitment to security also includes scrutinizing and revamping its internal systems and procedures via collaboration with industry experts. The ultimate goal is to take all possible proactive steps to protect customers and minimize the chances of a similar incident occurring in the future.