T-Mobile Breach Affects Nearly All US Customers
T-Mobile, a self-proclaimed leader in 5G, is a CyberHoot
worst of the worst for cybersecurity breaches. While preparing this article on
the latest 54 million subscriber breach, we found no less than 4 other breaches
over the last seven years. In 2015, 15 million social security numbers and
addresses of subscribers were stolen. In 2018, 2 million subscribers had
personal information compromised.
In 2019 they had exposed 1 million subscriber’s personal
information. Lastly, in 2020, they had a breach that compromised 200,000
subscribers. Now we find out everything they ever collected was stolen. They
clearly are not learning from their mistakes. The 2021 breach includes current,
former, and prospective T-Mobile customers; including customers of Metro by
T-Mobile. That means almost anyone who’s given their information to T-Mobile
could be affected.
What Was Stolen?
While we don’t yet know how this breach occurred, we do know
what was stolen. The latest breach includes subscriber’s full names, driver’s
license numbers, Social Security Numbers (SSN), and phone identification (IMEI
and IMSI) numbers. T-Mobile discovered this exploit when hackers started
selling T-Mobile customers’ user data on a dark web forum. The hackers claimed
to have over 100 million users’ private data when they spoke to Vice. In
response, T-Mobile began an investigation and closed the vulnerability quickly.
T-Mobile subsequently confirmed that a breach of over 50 million users’ data
had taken place.
The data hackers stole can cause serious harm in the real
world. SSNs are a key component in identity theft, and when accompanied by a
driver’s license, could be used to apply for everything from loans to credit
cards. IMEI and IMSI numbers are valuable for stealing phone numbers or porting
phone numbers in the pursuit of bypassing two-factor authentication (2FA). If
you’re a current or former customer of T-Mobile, there is a chance hackers have
your information. Hackers also accessed the account PINs of 7.8 Million current
customers. These pins are used to enter an account, which leads to the ability
to change and access personal details. Hackers who have these PINs could
potentially gain access to your mobile number for spoofing or 2FA bypass
attacks.
If I’m Affected, What Should I Do?
If you are a current, former, or were a prospective customer
for T-Mobile at some point, it’s important you take action to ensure you don’t
fall victim to identity theft. Follow these steps below to help improve your
overall security.
Change Account PIN
If you’re a victim of the T-Mobile Data Breach, the first
thing you should do is changing your account PIN. You should do this even if
you’re not a current customer. Although it’s not believed that hackers
compromised older PINs, it is better to take precautions. Log into your
T-Mobile account, and follow the instruction on their support page to change
your PIN.
McAfee Identity Protection
Visit T-Mobile’s page set up for victims of the breach. The
company is offering two years of free McAfee identity protection to help
mitigate some of the damage done by the breach. If you were affected, follow
the links on the page to claim your free two-year protection plan. CyberHoot
hasn’t evaluated this identity protection to determine its effectiveness. We
recommend that you purchase independent ID Theft protection as an insurance
rider on your existing policies and make sure you have legal support. This
includes lawyers going to court to prove your identity and recover it rather
than you having to leave work and take these actions.
Contact U.S. Government
If a hacker has already used your SSN to steal your
identity, several options are open to you. The United States government will
sometimes replace an SSN if you can prove the ID theft badly damages you. You
can find more information at the SSA website.
File Tax Returns as Early as Possible
Hackers can submit your tax return to the IRS with the
information stolen. Therefore, beat them to the punchline by filing your taxes
as early in 2022 as possible.
Freeze Your Credit Records (don’t bother monitoring)
Follow this Identity Theft article advice to freeze your
credit and prevent any new loans against your name from being taken out.
Additional Recommendations
If you weren’t affected by this breach but still would like
to understand what should be done moving forward, follow these recommendations
as best practices regarding personal data and cybersecurity.
Delete Old Data
Most companies offer a service to completely remove all data
about a customer once you leave their service. Once you’re done using a
service, such as T-Mobile, you should request that all your data be removed
from their servers. This prevents your data from being forgotten about and
eventually becoming caught up in a data breach like this.
Limit the Data You Give Out
In some cases, giving out your data is unavoidable. For
example, companies use important information, such as your SSN, to perform
credit checks and other vital services. However, if providing a company with
information is optional, you should always opt-out of giving sensitive
information if you can.
CyberHoot’s Cybersecurity Best Practices
In addition to performing the previous actions, CyberHoot
recommends the following best practices to protect individuals and businesses
against, and limit damages from, online cyber attacks:
Adopt a password manager for better personal/work password
hygiene
Require two-factor authentication on any SaaS solution or
critical accounts
Require 14+ character Passwords in your Governance Policies
Train employees to spot and avoid email-based phishing
attacks
Check that employees can spot and avoid phishing emails by
testing them
Adopt a patch management solution
Backup data using the 3-2-1 method
Incorporate the Principle of Least Privilege
Perform a risk assessment every two to three years
Comments
Post a Comment