ADVERTISEMENT

40M T-Mobile customers’ data leaked: expect social engineering and identity theft

passengers walking by T Mobile shop
Jurgita Lapienytė
Jurgita Lapienytė Chief Editor
Aug 18, 2021 Updated: 3 November 2022 6 min read
"Our preliminary analysis is that approximately 7.8 million current T-Mobile postpaid customer accounts' information appears to be contained in the stolen files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile. Importantly, no phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of these files of customers or prospective customers," the press release reads.

“Significant exposure”

"Just remember that dwell times average around 200 days. It takes time to roam around a database or any application front-ending it. Unless the criminals have significant insider help or deep knowledge of the particular systems, they need a good amount of time. And then have to move the data without being detected too quickly. That takes a plan," he said.
T Mobile logo

Expect social engineering and identity theft

ADVERTISEMENT
“The more information a scammer has, the easier it is to steal one’s identity. The scammer may be able to perpetrate a consumer in calling into T-Mobile. All of this can lead to SIM swapping (a SIM card controls what phone number a device has, and SIM swapping allows a scammer to have a device with your phone number), credit card fraud, opening up of new accounts, etc.,” he said.

Mitigation

  • Immediately offering 2 years of free identity protection services with McAfee’s ID Theft Protection Service.
  • Recommending all T-Mobile postpaid customers proactively change their PIN by going online into their T-Mobile account or calling our Customer Care team by dialing 611 on your phone. This precaution is despite the fact that we have no knowledge that any postpaid account PINs were compromised.
  • Offering an extra step to protect your mobile account with our Account Takeover Protection capabilities for postpaid customers, which makes it harder for customer accounts to be fraudulently ported out and stolen.
  • Publishing a unique web page later on Wednesday for one stop information and solutions to help customers take steps to further protect themselves.

More from CyberNews:


ADVERTISEMENT