Skip links

T-Mobile’s data breach exposes the personal data of 40 million

T-Mobile, the popular US mobile phone service provider, recently confirmed a data breach affecting 7.8 million current customers and 40 million records from past or prospective customers. The stolen data included customer names, dates of birth, social security numbers, and driver’s license information. Fortunately, subscriber credit card information and other financial details were not affected in the breach.  

Even though financial data was spared in the breach, the types of information stolen, along with the vast volume of affected subscribers mean that all T-Mobile subscribers should take immediate action to secure their identities and accounts online.  

Here’s what you can do to secure your identity 

1. Change your T-Mobile password and security PIN  

This is the immediate step all affected subscribers should take.  

2. Take advantage of the free identity theft protection being offered by T-Mobile 

As part of T-Mobile’s response, they are offering an identity protection service exclusively to all affected customers, free for two years. This identity protection service gives customers the ability to monitor personal info, including your SSN, bank account numbers, debit cards, email addresses, phone numbers, and more. If info is found on the dark web, customers will receive guidance to help secure online accounts. Should identity theft occur, the identity protection service includes fraud resolution support and identity theft insurance for peace of mind. The free 24 months of identity protection will be delivered directly by T-Mobile. The company is also encouraging customers to sign up for their Account Takeover Protection service. 

3. Use app-based multifactor authentication 

One lesser-known type of data stolen in the breach was International Mobile Equipment Identity (IMEI) numbers, which allow individual devices to be identified on a mobile network. Access to IMEI numbers could enable SIM-swap attacks which make account takeovers possible. With an account takeover, two-factor authentication through text message becomes vulnerable, allowing hackers potential access to bank accounts, among others. App-based multifactor authentication, using a solution like Google’s Authenticator, allows you to authenticate your identity from other devices, instead of having authentication tied to your mobile phone number. 

4. Be wary of phishing attempts through email 

T-Mobile will be contacting impacted customers directly. However, cybercriminals and scammers may also take advantage of this data breach to scam people using email. They will often pose as major corporations or other trustworthy entities to trick you into willingly providing information like website login credentials or, even worse, your credit card number. We’ve provided additional information here to help you to recognize legitimate emails.  

 5. Take further steps to protect your digital identity 

In its simplest form, your digital identity is made up of a whole host of things that can be traced back to you and who you are. This includes email accounts, cell phone numbers, bank accounts, your tax ID, and more. Read our additional tips to protect your digital identity. 

For regular updates and official news from T-Mobile, visit their Newsroom blog here.