Over 40 Million current and past T-Mobile customers have had their information compromised in a data breach, the wireless carrier said on Wednesday. Customer’s social security numbers and drivers license numbers have been implicated in the breach. T-Mobile has warned targeted customers to be wary of identity theft, but the company also reassured their users that no financial information or passwords were gleaned in the breach.
“Our preliminary analysis is that approximately 7.8 million current T-Mobile postpaid customer accounts’ information appears to be contained in the stolen files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile,” the communications company said in a statement.
850,000 current prepaid customers have also had their accounts targeted. T-Mobile assured its customers that they will work together to protect those affected by the breach from identity theft for the next two years.
T-Mobile became aware of a potential breach after receiving a report that hackers had retrieved the data from 100 million accounts and were selling the information on the dark web. The company immediately began working with cybersecurity and law enforcement to review the report and the potential breach. They said on Wednesday that they have “located and immediately closed the access point that we believe was used to illegally gain entry to our servers.”
The security website Bleeping Computer published screenshots showing a listing on the dark web offering personal information from 30 million T-Mobile customers for $280,000 in Bitcoin.
What to do to protect your information from a data breach
This is the latest in a cluster of data breaches and ransomware attacks that have hit companies across the world. If you are concerned about the vulnerability of your information, there are steps you can take to protect yourself from a potential data breach.
If you haven’t already, set up two-factor authentication with all websites that store your valuable data. If data thieves stole your password, but you use two-factor authentication, then they can’t use your password to access your account.
It takes a little effort to enter that single-use code sent to your phone each time, but it does protect you from harm when a breach occurs. Even better, use an authentication app rather than texting for two-factor authentication. This is especially critical for your bank and brokerage accounts. If you think your health-related information is valuable or sensitive, you should also take extra precautions with your health care provider’s website, your insurance company and your pharmacy.
If you used a unique password instead of reusing a favorite password you’ve used elsewhere, hackers can’t successfully use your credentials to access your other accounts. One-third of users are vulnerable because they use the same password for every account.
Take this opportunity to change your passwords, especially at banks, brokerages and any site that retains your credit card number. You can record your unique passwords on a piece of paper hidden at home or in an encrypted file you keep in the cloud. Or you can download and install a good password manager. Password managers encrypt passwords on your devices before they’re sent into the cloud, so your passwords are protected even if the password manager company is hacked.