Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

MacRumors

macrumors bot
Original poster
Apr 12, 2001
54,694
16,882


T-Mobile earlier this week shared details on a data breach where hackers gained access to the personal information of close to 50 million current, former, and prospective customers.

tmobilelogo.jpg

At the time, T-Mobile said that data from 7.8 million current customers had been compromised, as well as information from 40 million former or potential customers. In an updated statement provided today, T-Mobile says that it has confirmed that data from another 5.3 million postpaid customers was accessed.

Information accessed from these customers included names, addresses, birth dates, phone numbers, IMEIs, and IMSIs. The prior 7.8 million customers also saw their SSN and driver's license information stolen.

T-Mobile says that on top of the previously announced 40 million former or prospective customers that were impacted, another 667,000 accounts of former customers were breached. Hackers were able to obtain names, phone numbers, addresses, and birth dates from these customers. Other former and prospective customers had their SSN and driver's license information leaked.

Hackers were also able to access data files that included phone numbers, IMEI numbers, and IMSI numbers, but that data included no personally identifiable information. T-Mobile says that it does not believe that the data in the stolen files included customer financial information, credit card information, debit, or other payment information.

There were 850,000 T-Mobile postpaid customers impacted with phone numbers and PINs exposed, and T-Mobile has reset the PINs on all of these accounts. T-Mobile now says that up to 52,000 names related to current Metro by T-Mobile accounts may also have been included, but none of the T-Mobile files stolen related to former Sprint prepaid or Boost customers.

The attack was first identified when hackers posted on a forum offering to sell data from 100 million T-Mobile customers. The data for sale included social security numbers, phone numbers, names, physical addresses, IMEI numbers, and driver's license data.

T-Mobile says that it has contacted millions of customers and is offering those impacted two years of identity protection services with McAfee's ID Theft Protection Service. The company also recommends that eligible T-Mobile customers sign up for free scam-blocking protection.

To prevent future attacks, T-Mobile says it has "worked diligently to enhance security across our platforms" and is working with experts to understand both immediate and longer-term next steps.

Article Link: T-Mobile Says an Additional 5.3 Million Customer Accounts Were Compromised in Data Breach
 

ThatGuyInLa

macrumors 6502a
Oct 26, 2012
633
736
Longs, SC
So with the phone info they got in addition to all your other data. Can they clone your phone and thus gain access to Two-Factor security? Along with stealing your identify of course. If that's the case, then, let the lawsuits fly!

I currently get free lifetime credit monitoring from Experian because of their breach. It's only monitoring though, not lock protection stuff. T-Mobile will need to shut down everyone's phones affected. Then give you a new one. I am SURE they will do this. SURE.
 

nutmac

macrumors 603
Mar 30, 2004
5,320
4,866
Affected data include date of birth, SSN, and driver’s license. I asked T-Mobile why these information need to stored. Their answer? When a customer leaves T-Mobile and then returns, these information allow T-Mobile match up and reuse old customer information.
 

WWP99

macrumors newbie
Apr 14, 2021
20
45
Maybe a few big class action lawsuits against companies that have proven incompetent with securing their customer's data will make Corporate America take security more seriously. My bank's deposits are insured against a bank robbery. Maybe Corporate America should have insurance on their customer's data?
 

Macaholic868

macrumors 6502a
Feb 2, 2017
580
755
I work in IT. Trust me when I tell you this. You need to assume somebody somewhere has all of your information so pay for an ID theft service and don’t keep an amount of cash you couldn’t afford to lose in a checking account with a debit card you actively use. Keep it in savings and transfer only what you need in the short run or, better yet, don’t use a debit card at all for online or physical transactions. If you get fraudulent charges on a debit card that money is gone and it can take days or weeks to try and get it back. With a credit card you are not responsible and if they won’t work with you then you can dispute the charges. Don’t let them get your money. ID protection services may seem like an unnecessary monthly fee right up until you get hit and need them. Find a credit card with good cash back or rewards you want to use and then use that card for everything. Check the charges daily. It’s worth it even if it adds 10 minutes to your day and another monthly fee.
 
Last edited:

nwcs

macrumors 68020
Sep 21, 2009
2,255
3,556
Tennessee
security is still not taken serious enough in corporate America ...
Actually, I bet it’s taken very seriously. The problem is manifold: the threat landscape keeps changing, some hacks are financed by governments who can outspend even large corporations, some things are inherently less secure because the hack is on the person and not a computer, and you have people inside of a company who do duplicitous things for revenge or profit or boredom.

This is a consequence of daily life being so accessible. There’s benefits but the negatives are finally being understood.
 

joshwenke

macrumors regular
Mar 26, 2011
235
932
Keep in mind this is the sixth T-mobile breach (that we know of) in just the last four years. This is horrible.
 

npmacuser5

macrumors 65816
Apr 10, 2015
1,414
1,564
I work in IT. Trust me when I tell you this. You need to assume somebody somewhere has all of your information so pay for an ID left service and don’t keep an amount of cash you couldn’t afford to lose in a checking account with a debit card you actively use. Keep it in savings and transfer only what you need in the short run or, better yet, don’t use a debit card at all for online or physical transactions. If you get fraudulent charges on a debit card that money is gone and it can take days or weeks to try and get it back. With a credit card you are not responsible and if they won’t work with you then you can dispute the charges. Don’t let them get your money. ID protection services may seem like an unnecessary monthly fee right up until you get hit and need them. Find a credit card with good cash back or rewards you want to use it for everything. Check the charges daily. It’s worth it even if it adds 10 minutes to your day and another monthly fee.
Your points are good. Why does all the corporate ineptitude always fall down to my level. Even Apple, I spend enough hours troubleshooting their problems to qualify for benefits. Not just the time but the expense. We all pay top dollar for wireless compared to the rest of the world and we need to spend more to fix their ineptitud. Corporate welfare comes to mind.
 
  • Like
Reactions: MadeTheSwitch
Jun 7, 2021
49
63
I work in IT. Trust me when I tell you this. You need to assume somebody somewhere has all of your information so pay for an ID left service and don’t keep an amount of cash you couldn’t afford to lose in a checking account with a debit card you actively use. Keep it in savings and transfer only what you need in the short run or, better yet, don’t use a debit card at all for online or physical transactions. If you get fraudulent charges on a debit card that money is gone and it can take days or weeks to try and get it back. With a credit card you are not responsible and if they won’t work with you then you can dispute the charges. Don’t let them get your money. ID protection services may seem like an unnecessary monthly fee right up until you get hit and need them. Find a credit card with good cash back or rewards you want to use it for everything. Check the charges daily. It’s worth it even if it adds 10 minutes to your day and another monthly fee.
Great post! It is well worth the extra 5-10 minutes a day to do what you've suggested.
 
  • Like
Reactions: joshseibert
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.