On August 16th, 2021, T-Mobile confirmed a data breach occurred within its systems.
The hacker responsible for the breach was able to access data on over 50 million T-Mobile customers.
According to T-Mobile, this data contained personal information including:
- Phone numbers
- Physical addresses
- Dates of birth
- Government identification numbers
- Social security numbers
- Driver’s license information
- IMEI numbers
T-Mobile claims there is no indication that payment information such as credit or debit card numbers, account numbers, or passwords were part of the breach.
This is the fifth data breach T-Mobile has encountered in the past 4 years.
How the 2021 T-Mobile Data Breach Occurred
According to investigative reporting done by The Wall Street Journal, a 21-year-old American by the alias of John Binns claimed responsibility for the T-Mobile data breach in August 2021.
Binns claims he was able to access an unprotected router on T-Mobile’s company network.
The purpose of a router is to guide and direct traffic over a network. It also provides a layer of security in form of firewalls and content filtering.
A router that is not configured properly, however, can serve as an entry point to malicious hackers.
How a Data Breach Can Affect You
When a data breach occurs, malicious actors gain access to any personal information that was stored in the breached database.
In the case of T-Mobile, that included social security number, addresses, driver’s licenses, and more.
These pieces of information can be used to open lines of credit in your name and leave you vulnerable to credit card fraud and identity theft.
The data breach also gained access to IMEI numbers (International Mobile Equipment Identity).
IMEI numbers can be used in conjunction with a sim-swap attack to circumvent two-factor authentication methods or intercept verification codes sent over SMS text messages.
Someone with your device’s IMEI number could then perform account takeovers involving bank accounts, emails, or other logins tied to the device.
It can also open you up to spam text messages and other campaigns from vendors after sale of your information.
How to Protect yourself from a Data Breach
When a major data breach affects a service or database your information resides in, it’s important to take immediate steps to mitigate the risk of credit card fraud and stolen identity.
Here are some steps to take before, during, or after a data breach occurs:
- Freeze your credit: A credit freeze can be activated easily online for free and will prevent an attacker from opening new lines of credit in your name. You should freeze credit through the 5 main credit bureaus: Experian, TransUnion, Equifax, Innovis, and ChexSystems)
- Monitor your bank accounts: Take note of any unexpected charges, and enable alerts or notifications for any amount, including charges of $0.00.
- Use two-factor authentication: For any accounts you access online, you should leverage any two-factor authentication features they provide. This is an extra layer of security that involves confirming your identity through another channel, so only someone who has access to both pieces of login information can enter the account.
- Improve password security: Do not reuse passwords across different online accounts and avoid using similar variations of past passwords. Never store passwords in plain text such as in excel sheets or other documents. Instead, use a password manager such as LastPass, 1Pass, Bitwarden, or other offerings.
Contact a Legal Professional Experienced with Data Breaches
When a company suffers a data breach that affects your personal information, you may be entitled to compensation.
The expert attorneys at Anderson + Wanca are experienced in handling investigations, legal claims, and class action lawsuits involving data security and cyber-attacks.