Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Should say as I always do, things like this won’t stop happening until all customer data is encrypted at rest and company C-suite occupants can be prosecuted or fined if they fail to protect customer data.
 
Fingers crossed I am not one of the ones affected. Good thing I have my credit frozen.
I’m not a T-Mobile customer but after the various data breaches I’ve had my credit frozen for years.

At this point such a large percentage of American’s data (and I’m sure a good amount of non-American) is available, bought, and sold, that it’s a wonder people keep moving to a mobile cloud data driven life.
 
yea, but you usually don't get too many perks with prepaid plans.
What perks? I get unlimited calls and texts. Way more high speed data than I ever use plus unlimited 3G after that. More tethering than I need plus unlimited 3G afterward. Free 5G upgrade (if I had a 5G phone to make use of it). I've had my prepaid plan for ten years. They just keep boosting the data allotments and speed without a single price increase or ever having to call them. I think I also have unlimited video (although I rarely watch anything on my phone).

I look at the post paid plans every year from the major providers. With the same number of lines. I never see anything extra I have use for. Just an additional $400 to $600 per year in price.
 
  • Like
Reactions: Captain Trips
What perks? I get unlimited calls and texts. Way more high speed data than I ever use plus unlimited 3G after that. More tethering than I need plus unlimited 3G afterward. Free 5G upgrade (if I had a 5G phone to make use of it). I've had my prepaid plan for ten years. They just keep boosting the data allotments and speed without a single price increase or ever having to call them. I think I also have unlimited video (although I rarely watch anything on my phone).

I look at the post paid plans every year from the major providers. With the same number of lines. I never see anything extra I have use for. Just an additional $400 to $600 per year in price.
christ, if you saw my post, you'd think you might have seen my response as well. here: i'm referring to things like netflix, kickback(grandfathered — no longer offered), 2g data + texting in s-ton of countries, and mexico&canada are free, not $5/mo. i'm sure there are more, but these should last you.
oh and btw — you not having a 5g phone doesn't mean it's not nice to have that free upgrade. btw, out of curiosity — how much is monthly bill/# of lines?
 
There are 3 things that should be done immediately to make these data breaches essentially irrevelant.

1) Freeze your credit report with all three credit reporting agencies (Experian, Equifax, & Transunion)
2) Set up online account with IRS and request Identity Protection PIN. With this PIN, no one can file either digital or paper tax return without it.
3) Set up online access to individual Social Security account.

With the above three active, SSN is useless to a third party. A phone company will have to have you temporarity lift the freeze (Transuniion in the case of T-Mobile) in order to set up an account.
 
Can you really decline their asking of SSN?
Nowadays the companies may deny you service if you don't supply all the information they want!
You literally can't buy certain phones and plans without providing an SSN.
The law only requires that you give your ssn for loans, banking, health insurance, and a few other select applications. Any other time you’re asked for it you can refuse.

The catch is that if you’re signing up on the internet there are often required items that block you from submitting the form if left blank. Thus you often need to use a paper form or sign up over phone if you want to avoid giving some information.
 
The law only requires that you give your ssn for loans, banking, health insurance, and a few other select applications. Any other time you’re asked for it you can refuse.
Great.. but, they would just refuse to sell you anything if you didn't provide it. Right? Most of the time an SSN is used for a loan on the phone in this case anyway.
 
Let’s class action lawsuit T Mobile and demanded free cell service for a year and identify theft protection
 
How could one ever prove that they were harmed by a data breach? When my bank accounts are compromised and identity stolen 6 months from now because someone retrieved my personal information from t-mobile, it will be very difficult if not impossible to link it to the company.
 
Aww s***, this sucks. T-Mobile needs to get it together. I've been a customer for several years now and their support has been pretty good, so I'm hopeful they'll do the right thing and help us all out. But their new CEO doesn't seem as good as the last one so I doubt it. I've already got someone in another state trying to hack my Amazon account right now so this has to be related.
 
Aww s***, this sucks. T-Mobile needs to get it together. I've been a customer for several years now and their support has been pretty good, so I'm hopeful they'll do the right thing and help us all out. But their new CEO doesn't seem as good as the last one so I doubt it. I've already got someone in another state trying to hack my Amazon account right now so this has to be related.
I hope you have 2FA turned on for your T-Mobile account.
 
  • Like
Reactions: Stunning_Sense4712
That’s totally unacceptable in this day and age. As a T-mobile customer for years now, this is really bad. Social Security numbers, phone numbers, names, physical addresses, IMEI numbers, and driver licenses information! What else? Mother’s Maiden Name? T-Mobile needs to pay for a years worth of fraud monitoring on every account stolen at the very least!
A year? Most hackers know to wait at least a year when everyone lets down their guard before using all this data. Fraud monitoring should be provided for at least 10 years. But we know that will never happen considering even Equifax didn't provide much more than a couple of years of fraud monitoring after they were hacked.
 
If the hacker was telling the truth, it sounds like the data was not properly hashed.

It is getting harder and harder to do business with a company that hasn't already had a breach.
Probably a case of those that know they have breached, and those that have been breached but not yet figured it out.
 
Credit report freezing is always a good security measure, as is preemptively setting up accounts with government agencies such as the IRS, the USPS, and the Social Security Administration. But there is another risk that mobile phone provider breaches intensify: SIM swapping. The types of customer information involved in the T-Mobile attack can make it easier for an attacker to take control of your mobile phone number.

So an important defensive action is to stop using text messages and voice calls for 2-factor authentication as much as possible. It is better to use on-device code generators, such as Google Authenticator, or a hardware security key, such as YubiKey. For any websites or apps that only allow telephone-based 2FA, consider using either a landline number or a virtual phone number, such as Google Voice.

----------
Two resources for anybody interested in learning more:



...and an article that discusses previous T-Mobile breaches:
 
Credit report freezing is always a good security measure, as is preemptively setting up accounts with government agencies such as the IRS, the USPS, and the Social Security Administration. But there is another risk that mobile phone provider breaches intensify: SIM swapping. The types of customer information involved in the T-Mobile attack can make it easier for an attacker to take control of your mobile phone number.

So an important defensive action is to stop using text messages for 2-factor authentication as much as possible. It is better to use on-device code generators, such as Google Authenticator, or a hardware security key, such as YubiKey. For any websites or apps that only allow SMS 2FA, consider using either a landline number or a virtual phone number, such as Google Voice.

----------
Two resources for anybody interested in learning more:



...and an article that discusses previous T-Mobile breaches:
Excellent post that people need to take heed.

I use the app "OTP Auth" on my Apple devices for 2FA and if needed, I can use a landline for confirmation as well.

I suggest everyone change their account passwords and email address ASAP.
 
Last edited:
  • Like
Reactions: Shirasaki
I've been a Sprint customer for years before it was merged with T-Mobile. I still can log into Sprint website and access my account. It's not clear if this database was also breached. Either way I'm changing everything. Lucky my three credit reporting agencies been frozen ever since that Equifax data breach fiasco.
 
You literally can't buy certain phones and plans without providing an SSN.
Not true in the case of T-Mobile. I’ve been using them for several years now. Started out on a prepaid plan. After a year or so of paying on time I switched to post paid and no ssn was required. Can get any phone or accessory for the same monthly price as one that provided an ssn.

for the record I don’t have issues. Just never wanted to provide social to minimize issues such as this.
 
Dang. I'm a T-Mobile customer and I definitely remember giving them my license about 3 years ago when I switched. My mom's on it too. What can someone do when your name, birthdate, SSN, drivers license, phone number, and IMEI are all in a database?! That's like... all the stuff that T-Mobile requires to port your number. Incredible.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.