T-Mobile is investigating a hack of personal data involving about 48 million of its current, former and prospective customers.
The telecommunications company said Wednesday that the breach exposed data including customers’ names, birth dates, Social Security numbers and driver’s license information.
A hacker on an online forum over the weekend claimed to be selling T-Mobile
customers’ private data. While the hacker claimed to have data on more than 100 million customers — which would be nearly all of T-Mobile’s U.S. users — the company only confirmed about half of that.
T-Mobile said it is continuing its investigation, and has already reset some account PIN numbers that were exposed. It’s also offering two years of free identity protection services. Here’s what you should do if you think that your personal data could be compromised.
Assume your data is already out there
Even if your data wasn’t among the 48 million exposed accounts, it’s good practice to just assume that your data is already out there, said Ted Rossman, senior industry analyst at Bankrate.com.
That’s because there have been quite a few big data breaches over the last several years, including credit-reporting firm Equifax’s
shocking breach that exposed the data of 143 million Americans in 2017. So assuming that your data has been leaked already is a good idea.
Freeze your credit
Next, freeze your credit. This stops lenders from being able to see your credit report, making it impossible to open new accounts in your name.
You can freeze your credit online at no cost through each of the three main credit bureaus — Equifax, Experian and TransUnion.
“That’s really the biggest thing that I would worry about with a breach like this, especially given the information that was taken — Social Security numbers, names, addresses. [That data] could be used to spin up a fake identity or steal your identity to open a credit card that they’re not going to pay back, or some other type of loan,” Rossman said.
“The big benefit is, if lenders can’t see your report, they’re not going to issue credit [and] it’s going to keep the bad guys out,” he added.
Rossman said it’s good practice to always have a freeze on your credit, which you can temporarily lift when you’re applying for a line of credit. That way, when there’s the next inevitable data breach, your credit is already protected.
“I really think it’s the best defense we have against criminals opening accounts in our names,” Rossman said.
Check your credit report and bank statements
Having good data practices — like regularly changing and varying passwords, not using public Wi-Fi for sensitive business and not giving out personal information — are helpful.
But most of the battle, Rossman said, is doing the big stuff, like checking your credit report and bank statements regularly.
With the T-Mobile hack specifically, it doesn’t seem that payment information, like credit card numbers, were swiped. But it’s still a good idea to look out for suspicious transactions. This is just another reminder, Rossman said, of why using credit cards is more secure than using debit cards. It’s relatively easy to get a fraudulent transaction wiped off your credit statement, he said, but when you’re using debit, that’s real money missing for a time.
But what’s more worrying, and harder to undue, is someone opening a fraudulent account in your name. So when checking your credit report, look closely for accounts that don’t belong to you.
“This is something that we’ve been hearing more about in recent years; sometimes they just directly steal your identity, other times it’s more of synthetic ID fraud where they blend some of your information with some of somebody else’s information,” Rossman said. “I would definitely be on the lookout for accounts that don’t belong to you — that could definitely be a red flag.”
Typically, you can get a free copy of your report from each of the three credit bureaus once every 12 months. But during the pandemic, you can access a copy of your credit report for free every week at annualcreditreport.com.
Keep an eye out for any strange or unexpected bills
Something that people might not expect is someone using the hacked information to get health insurance in your name, Rossman said.
“That’s another thing that I don’t think a lot of people think about that is ID theft, but that’s another one where you definitely want to be on the lookout if you get some weird explanation of benefits or a health insurance claim that doesn’t belong to you,” he said.
This one might be a little harder to ward off, because a credit freeze isn’t going to stop it, and there’s not really anywhere you can check to see if someone is doing this.
But if you get a weird bill in the mail, don’t “just throw it out and be like, ‘Oh, that’s weird. That wasn’t me,’” Rossman said. “If you get something like that, you definitely want to escalate it.”
You could also check your health insurance claims through your provider online to make sure there aren’t any you didn’t file.
Keep your guard up
And if you’re not a T-Mobile customer, it’s still important to keep good security habits.
“Whether it’s this breach or another one, it’s just important to keep our guard up,” Rossman said. “Sometimes, there’s a long tail to these things.”
Your data might have been leaked now, but the actual fraud could happen in a few years, or you might have your identity stolen now because of a hack from years ago. Therefore, it’s smart to regularly monitor your reports, keep your guard up and put a freeze on your credit.