Emerging Threats

T-Mobile investigating data breach. Data of more than 40 million existing and prospective customers exposed

Revised August 18, 2021

If you’re a T-Mobile customer, your Social Security number and other personal information may have been exposed in a data breach.

T-Mobile has confirmed unauthorized access to its data and is investigating the extent of the incident, after reports that sensitive data of 100 million T-Mobile USA customers is for sale on the web.

T-Mobile’s preliminary investigation found the number of affected customers is substantially less.

Here’s what T-Mobile’s investigation found:

• 7.8 million current T-Mobile postpaid customer accounts’ information appears to be contained in the stolen files.

• Roughly 40 million records of former or prospective customers who had previously applied for credit with T-Mobile appears to be contained in the stolen files.

Here’s what possibly was included in that data:

  • Social Security number
  • First and last name
  • Address
  • Birth date
  • Driver’s license details

Data breaches that include sensitive customer data can raise the risk of identity theft and other frauds.

What happened? A chronology

An article published August 15 on Vice’s Motherboard tech website said that someone on an underground forum claimed to have obtained data on 100 million customers from T-Mobile servers.

T-Mobile on Tuesday, August 17, said it had not determined whether customer data was involved in the unauthorized access. The company said the entry point used to gain access has been closed.

On Wednesday, August 18, T-Mobile said its preliminary analysis indicated data of more than 40 million existing and prospective customers had been exposed.

If you’re a T-Mobile customer, it’s smart to stay on top of the T-Mobile investigation and takes steps, if needed, to protect against identity theft.

T-Mobile said it would publish a web page with information and instructions to help customers take steps to further protect themselves against identity fraud.

What steps should I take after a data breach?

Any data breach that exposes sensitive information such as your Social Security number could allow someone to commit identity theft.

That might include opening credit or bank accounts in your name, applying for a job, or renting an apartment.

That’s why it’s important to find out information about a data breach.

Here’s an outline of steps to take..

1. Get confirmation of the breach and whether your information was exposed. Confirm there was a breach at the company and find out if your information or online account was accessed. (We’ll update this article as more information about the T-Mobile data breach becomes available.)

2. Find out what type of data was stolen. Find out what information was exposed. While it’s easy to replace a credit or debit card, other types of leaked information require taking other actions.

3. Accept the breached company’s offers to help. A breached company might offer ways to help protect you against identity theft. Consider taking it.

4. Change and strengthen your online logins, passwords, and security Q&As. It’s important to change passwords and any other information the hackers may have for access to your accounts or to use to commit fraud against you. Taking steps to prevent their use of this information can help limit future exposure.

5. Keep alert and monitor your accounts. If you spot suspicious or unfamiliar transactions on any of your accounts, you could be the victim of financial identity theft.