I also really enjoy the calls from “the Windows company”, Social Security Investigators, and text messages from Amazon and Costco sweepstakes (which I never win, but still get to claim hundreds of dollars in prizes).
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
T-Mobile Data Breach Included Personal Information of Almost 50 Million Customers
- Thread starter MacRumors
- Start date
- Sort by reaction score
I also really enjoy the calls from “the Windows company”, Social Security Investigators, and text messages from Amazon and Costco sweepstakes (which I never win, but still get to claim hundreds of dollars in prizes).
Shouldn't people like sue T-Mobile for storing their data and not protect it and now because they messed up I am personally hurt? Stuff like date of birth, SSN, and driving license can be used for social hacking where someone would dial in somewhere and use that info to gain access to your account.
Wow, this is like the 3rd time in the last 5-7 years at t-mobile. Seems like their security team is useless. I graduated from UW with a CS degree and got rejected from t-mobile while a more diverse individual from my classes that copied/needed help on alot of the projects/assignments got a job offer from them. Maybe they're not hiring the best individuals for the job.
According to their press release:
- Our preliminary analysis is that approximately 7.8 million current T-Mobile postpaid customer accounts’ information appears to be contained in the stolen files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile. Importantly, no phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of these files of customers or prospective customers.
7.8 million is still too many, in my opinion. T-Mobile should be ashamed.
Now is a good time to question why phone companies need to access our credit files to provide a service. Why does T-Mobile need more information about us than a bank receives when opening a checking account?
If you haven't already, make sure and contact T-Mobile about adding Account Takeover Protection to all post paid lines of service. Tell the customer service rep you want port protection on your lines. Otherwise, they won't know what you are talking about with the "Account Takeover Protection, even though it is stated on their website.
Last edited:
If you are in the U.S., you can request a new drivers license number at your local DDS location.
This. You decide not to enter into business with them and they STILL cost you time and money at the very least.
alternate headline: Computer nerds suck at their job and get destroyed by more savvy computer nerds.
This is not surprising in the least. The general public have no idea how poor most companies are at keeping their data secure. You’d be shocked to know the way some of them handle passwords, for example.
In 2021 there is no excuse to be storing passwords plain-text in databases and yet some of the biggest companies are still doing it. If you go to change or set a password for an online account and the website/app won’t allow you to use a password with certain very reasonable characters like hyphens, question marks, etc. and won’t allow passwords over a certain unreasonably short length, you can be almost certain those passwords are stored plain-text.
In addition, due to my job, I’m privy to the IT runnings of many companies, small and large and I am always shocked that the people in charge of security seem to have no understanding of security at all. They use passwords so weak you wouldn’t believe and these passwords are put in place to keep bad actors out of your private data. It’s absolutely shocking how little thought is given to security these days at some companies.
In 2021 there is no excuse to be storing passwords plain-text in databases and yet some of the biggest companies are still doing it. If you go to change or set a password for an online account and the website/app won’t allow you to use a password with certain very reasonable characters like hyphens, question marks, etc. and won’t allow passwords over a certain unreasonably short length, you can be almost certain those passwords are stored plain-text.
In addition, due to my job, I’m privy to the IT runnings of many companies, small and large and I am always shocked that the people in charge of security seem to have no understanding of security at all. They use passwords so weak you wouldn’t believe and these passwords are put in place to keep bad actors out of your private data. It’s absolutely shocking how little thought is given to security these days at some companies.
If a person is no longer a customer of T-Mobile then why does T-Mobile feel it's required to keep their information in their database. If a customer leaves the company then the company should delete their information, not store it. I wonder how many other companies and businesses do this, store the information of ex-customers. This practice should be banned and governments should step in an make sure the practice of storing the personal information of ex-customers is banned.
Once a customer has left a company/business, that company/business no longer has a right to keep that customers personal information on file. There should be a law that makes it compulsory for companies/businesses to delete customers data when they leave the company/business.
Also, when data breaches happen, companies seem to think it's ok that no financial data was stolen, just personal data because they always make a point of saying no financial data was stolen as part of the breach. That is not the point. Identity theft is becoming a major issue in todays society and it is being fueled by hackers breaching companies computer systems and getting access to peoples personal information such as name, address, phone number. That is all a criminal needs to steel a persons identity.
If a company/business cannot keep customer data safe then they should be finned the equivilent of the companies yearly profit or the company should be forced to shut down.
Once a customer has left a company/business, that company/business no longer has a right to keep that customers personal information on file. There should be a law that makes it compulsory for companies/businesses to delete customers data when they leave the company/business.
Also, when data breaches happen, companies seem to think it's ok that no financial data was stolen, just personal data because they always make a point of saying no financial data was stolen as part of the breach. That is not the point. Identity theft is becoming a major issue in todays society and it is being fueled by hackers breaching companies computer systems and getting access to peoples personal information such as name, address, phone number. That is all a criminal needs to steel a persons identity.
If a company/business cannot keep customer data safe then they should be finned the equivilent of the companies yearly profit or the company should be forced to shut down.
It costs money to keep customers data very secure hence why companies/businesses pay very little attention to their security protocols.
When the world suffered the banking crisis and many banks were bailed out by their governments because the baks played the risk game and didn't have enough in financial reserves in back up in case things went wrong, a safety protocol was put in place, especially in Europe, to make sure that banks have enough financial reserves that if such a thing was to happen again, the banks would not struggle this time. This safety protocol is run every few years and any bank that fails the safety check is warned that they need to improve otherwise they face hefty penalties.
This same safety protocol must be appiled to companies/businesses that hold millions of customers data. As daunting as it may seem, a specialist company should be set up that goes around checking on the data security systems of companies/businesses that store huge amounts of customer data, making sure the data security systems are secure enough to prevent data breaches. Any lapses found in security the company/business concerned are then mandated to improve their data security systems or face hefty penalties.
Wondered this myself. Was a customer until 2011. What the heck were they doing holding on to my information all these years.
I love the messages that say 'this is our last attempt to contact you', yet the same voice has left messages over and over for years. I would have thought that my 'last call' would have happened by now. If you are going to break up with me, GET IT OVER WITH!!!
How do you know it wasn't?
Often the breach involves access to applications that have access to encrypted data.
Everyone should have their credit reports locked.
Exactly. IMHO there's no good reason to not have your credit frozen as the default stance.
When you anticipate applying for new credit, do a temporary thaw.
Last edited:
I'm over here reading this article and comments thinking "Hmmm, I wonder if my account is affected" and within seconds as if by magic I get this automated text from t-mo.
In some strange irony here I was on a support call with t-mo just a few days ago because of a billing issue. AutoPay didn't "autopay" and a payment was missed. I was concerned it would hit my credit report, but apparently t-mo doesn't report payment delinquency to credit bureaus (or so the rep claimed).... so why do they need SSN info....?
Ugh.
In some strange irony here I was on a support call with t-mo just a few days ago because of a billing issue. AutoPay didn't "autopay" and a payment was missed. I was concerned it would hit my credit report, but apparently t-mo doesn't report payment delinquency to credit bureaus (or so the rep claimed).... so why do they need SSN info....?
Ugh.