On August 16, 2021 T-Mobile announced that it was investigating a possible data breach. On August 17th, the company confirmed that data was stolen.

On August 17th, the company confirmed that data was stolen.

The data contained:

  • For 7.8 million current monthly customers the data included first and last names, date of birth, Social Security Number (SSN), driver's license/ID information, phone numbers, mobile phone identifier numbers (IMEI and IMSI information).

  • For 5.3 current monthly customers the data included one or more associated customer names, addresses, data of birth, phone numbers, IMEIs and IMSIs but not SSNs or driver's license/ID information.

  • For about 40 million former or prospective customers the data included first and last names, date of birth, SSN, and driver's license/ID information.

  • For 667,000 former customers the data included customer names, phone numbers, addresses, dates of birth but not SSNs or driver's license/ID information.

  • For approximately 850,00 active prepaid customers the data included names, phone numbers, and account PINs. All of the PINs were reset.

What May Happen with the Stolen Data?

  • The stolen data can be used for identity theft.

  • Phishing attacks that impersonate the company may increase and may use stolen data to make the communication look more legitimate.

  • Scammers may try to take over your account or steal your phone.

What Is T-Mobile Doing?

  • Offering two years of free identity protection services with McAfee's ID Theft Protection Service to affected customers.

  • Recommending that all eligible customers sign up for free scam-blocking protection through T-Mobile's Scam Shield.

  • Recommending that customers sign up for their free Account Takeover Protection service.

  • Set up a web page with up-to-date information, access to tools and others steps that customers can take. [https://www.t-mobile.com/brand/data-breach-2021]

What Should You Do to Protect Yourself?

Take these steps:

  1. Freeze your credit which makes it difficult for criminals to open new accounts in your name. You will need to contact Equifax, Experian, and TransUnion separately.

  2. Change your password. You might consider using a password manager to make sure that you use a unique and complex password for every one of your accounts.

  3. Use multifactor authentication on any account that allows it. This requires your password as well as an additional form of ID to complete the log in.