Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Bottom line is that T-Mobile apparently didn't know about the hack in any way shape or form until it was reported elsewhere well after the fact. So it appears to be pure incompetence on their part and statements that they are now "enhancing" their security are too little too late and not exactly reassuring given the magnitude of the this breach.
 
security is still not taken serious enough in corporate America ...
And yet, every time one of these breaches happens, the affected company invariably releases a statement including some variation of "we take your [security|privacy|protection] very seriously", proceeds to offer some worthless credit protection service, and that's it until next time. It would be funny if it wasn't so infuriating. When will they finally be held to account? The penalties must be higher than the cost of adequately securing their systems, otherwise nothing will ever change. It should also be forbidden for them to store personal information longer than necessary. A carrier has no business storing things like the SSN and driver license number after the initial sign-up.
 
See a lot of IT comments but this isn't an "IT" problem as much as it's a corporate security culture problem. They just don't have enough incentive at the moment to treat this information like they should. It's not as simple as just spending more on IT, it's about adopting security-first mindset across the entire organization.
 
  • Like
Reactions: FriendlyMackle
I work in IT. Trust me when I tell you this. You need to assume somebody somewhere has all of your information so pay for an ID left service and don’t keep an amount of cash you couldn’t afford to lose in a checking account with a debit card you actively use. Keep it in savings and transfer only what you need in the short run or, better yet, don’t use a debit card at all for online or physical transactions. If you get fraudulent charges on a debit card that money is gone and it can take days or weeks to try and get it back. With a credit card you are not responsible and if they won’t work with you then you can dispute the charges. Don’t let them get your money. ID protection services may seem like an unnecessary monthly fee right up until you get hit and need them. Find a credit card with good cash back or rewards you want to use it for everything. Check the charges daily. It’s worth it even if it adds 10 minutes to your day and another monthly fee.
Alternatively, you can get yourself a credit card that has a security chip that has a pin code, like every country does except the US
 
This statement is so much corporate BS:

To prevent future attacks, T-Mobile says it has "worked diligently to enhance security across our platforms" and is working with experts to understand both immediate and longer-term next steps.

The time to do that was BEFORE all of these MULTIPLE breaches. It’s quite clear that T-Mobile is not to be trusted with all this data. They are not good at protecting it. The question I have, is Verizon and AT&T?
I don't think any of them are better than the other.
 
  • Love
Reactions: AvisDeene
I work in IT. Trust me when I tell you this. You need to assume somebody somewhere has all of your information so pay for an ID left service and don’t keep an amount of cash you couldn’t afford to lose in a checking account with a debit card you actively use. Keep it in savings and transfer only what you need in the short run or, better yet, don’t use a debit card at all for online or physical transactions. If you get fraudulent charges on a debit card that money is gone and it can take days or weeks to try and get it back. With a credit card you are not responsible and if they won’t work with you then you can dispute the charges. Don’t let them get your money. ID protection services may seem like an unnecessary monthly fee right up until you get hit and need them. Find a credit card with good cash back or rewards you want to use it for everything. Check the charges daily. It’s worth it even if it adds 10 minutes to your day and another monthly fee.

tell me about this debit card theft thing, why should i be worried?
if its easily stolen then i guess the whole e-commerce would break apart
 
tell me about this debit card theft thing, why should i be worried?
if its easily stolen then i guess the whole e-commerce would break apart
Debit card is tied directly to your bank account. It is never a good idea to put yourself at risk with a debit card. You don't have the same kind of protection as you do with a credit card. If a scammer or thief makes a bogus transaction with your credit card, the money in your bank account is not affected and you are safe. With a debit card, the money comes out right away and it is then on you to prove it was a scam or theft and then you have to fight and then wait to get the money put back in your bank account.
 
Wait people actually use their debit card with online and in person transaction? Why not just use a CC…
 
Until they drop the hammers with fines and penalties and not these small fines that are nothing more than a slap on the wrist, these will continue to happen. I get all these companies have breaches but seems T-Mo must have the absolute worst IT since it seems to happen to them more often than the others.
 
  • Like
Reactions: FriendlyMackle
This is the email I got from TMobile. I don't currently have an account with them (I have TM service but as an additional line on someone else's account), but I did in the past. Whatever CC info they had back then is invalid by now (expired or closed).

Sounds like not much of my info was compromised?

Dear Customer,


T-Mobile has determined that unauthorized access to some T-Mobile data has occurred. We have no evidence that your debit/credit card information was compromised. We take protection of our customers seriously and we are taking action to protect your T-Mobile account.

Effective August 18, 2021, we have reset your account PIN to a randomly generated number. Since your wireless product does not receive text messages or our text message failed, you will need to contact our Customer Care team at 1-877-778-2106 to reset this PIN to your preferred 6-digit code.
 
How this is even possible boggles my mind.
It often happens when a company like T-Mobile outsources some jobs/functions to an outside company with inept and untrustworthy employees just to save money. Sometimes these companies are overseas where a company like T-Mobile have little to no oversight. We’re past the point where we can trust that our personal data will always be safe with any company, even Apple. Stay vigilant, scrutinize all of your statements/mail, use multi-factor authentication, don’t click on any link in a suspicious text message or email, etc.
 
  • Like
Reactions: Premium1
no company should be allowed to ask
for your SSN....there's no single reason for them to posses that info.
This is the real answer. Only companies/organizations required to remit taxes in your name should have your SSN. Every other entity should be banned from possessing it.

The social security number was designed to be an identification number. It was never designed to be an authentication number. Corporate American needs to be forced to design an authentication systems for credit reporting purposes.
 
I was told (by the website) almost 24 hours ago I would get a link to activate this.

I'm still waiting.

I then contacted customer service T-Mobile via Apple Business Chat and they told me that I would get the link within 24 - 48 hours of signing up.

Is anyone else's taking this long?

4F32D802-62E2-429A-8AC3-B012150085AC.jpeg
 
Just got a text message from T-Mobile.

T-Mobile has determined that unauthorized access to some of your information, or others on your account, has occurred, like name, address, phone number and DOB. Importantly, we have NO information that indicates your SSN, personal financial or payment information, credit/debit card information, account numbers, or account passwords were accessed. We take the protection of our customers seriously. Learn more about practices that keep your account secure and general recommendations for protecting yourself: t-mo.co/Protect

Hopefully, I don’t get another text message that more personal data was exposed.
 
security is still not taken serious enough in corporate America ...
That’s because some of them still have this mindset that it’s still the 20th century and these hackers are kids in basements. If fines were much larger, these companies would start to get more serious.
 
  • Like
Reactions: Premium1
Just got a text message from T-Mobile.

T-Mobile has determined that unauthorized access to some of your information, or others on your account, has occurred, like name, address, phone number and DOB. Importantly, we have NO information that indicates your SSN, personal financial or payment information, credit/debit card information, account numbers, or account passwords were accessed. We take the protection of our customers seriously. Learn more about practices that keep your account secure and general recommendations for protecting yourself: t-mo.co/Protect

Hopefully, I don’t get another text message that more personal data was exposed.
I just got the same text message. I hope it stays that way compared to getting more information.
 
  • Like
Reactions: dampfnudel
What's the betting that T-Mobile was complacent with it's security having the belief that it was OK and thus did not need to spend money on updating it and along comes some hackers to exploit weakness in the system. Only then does T-Mobile spend money to update it's security systems.

Those of us who have worked in businesses know full well that business owners and directors will not spend money if they have to, if something works, let it carry on working even if it is out of date. Computer systems need updating, machines need regular maintenance but because the computers and machines are running ok, bosses and owners do not see the reason to spend money on upgrades/updates or maintenance costs. Then due to their complacency, machines break down and hackers find exploits in old outdated systems and all the company does is goes 'opps, we got a problem, we must update our policy and procedures so it doesn't happen again.

I have no doubt a T-Mobile whistleblower will come forward saying that the company was warned about it's security systems being out of date and needing updating but the company said the system worked fine and thus no need to spend money on updating the system.
 
It often happens when a company like T-Mobile outsources some jobs/functions to an outside company with inept and untrustworthy employees just to save money. Sometimes these companies are overseas where a company like T-Mobile have little to no oversight. We’re past the point where we can trust that our personal data will always be safe with any company, even Apple. Stay vigilant, scrutinize all of your statements/mail, use multi-factor authentication, don’t click on any link in a suspicious text message or email, etc.
We’re at the point in which we need something other than the SSN and a law that prevents companies from requiring it.
 
I got this message a few minutes ago from T-Mobile. I suspect another message will come later contradicting this one and saying financial information was compromised too. Thankfully I keep my credit frozen, so not as big of a deal as it could be.

T-Mobile has determined that unauthorized access to some of your information, or others on your account, has occurred, like name, address, phone number and DOB. Importantly, we have NO information that indicates your SSN, personal financial or payment information, credit/debit card information, account numbers, or account passwords were accessed. We take the protection of our customers seriously. Learn more about practices that keep your account secure and general recommendations for protecting yourself: [link deleted]
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.