Recent T-Mobile data breach may have been far more serious than initially claimed
Less than four months after T-Mobile confirmed over a million prepaid customers had their personal data compromised as a result of a "quickly corrected" security "incident", it appears not one but two new "sophisticated attacks" may have impacted sensitive information belonging to an unspecified number of the "Un-carrier's" wireless subscribers.
The first of these fresh data breaches came to our attention a couple of days ago, when a bunch of Redditors shared screenshots of T-Mobile alerts received by text message that prompted affected users to visit a webpage where Magenta detailed the nature of the hack. While it's never pleasant when these things happen, most people informed of this particular attack were relieved to hear their financial data was purportedly not impacted.
But a seemingly different subset of T-Mo customers was less fortunate, receiving a link detailing a much scarier data breach. While we can safely assume these two recent "sophisticated attacks" are somehow connected, the second security breach that came to light over the last 24 hours or so resulted in a wider array of compromised data, including Social Security numbers and financial account information.
This is really, really bad
Needless to say how dangerous it can be for a bad actor to own that kind of info, especially when combined with names and addresses, government identification numbers, as well as phone numbers, billing and account information, and rate plans and features. That's... pretty much everything, although T-Mobile insists there's currently no evidence indicating that the personal information contained in the affected accounts was ever used to commit fraud or "otherwise misused."
At least one angry Redditor appears to dispute that claim, however, alleging his SIM was swapped, BTC wallet hacked, and a "lot of money" transferred out on the heels of T-Mobile's confirmation of the two new data breaches. Another unhappy customer says his phone number was ported over to another SIM card "IN THE UNITED KINGDOM" (emphasis his), leaving support reps "as confused" as the affected user regarding the "magical" number change that didn't even show in T-Mo's system.
For what it's worth, these vexing reports are still far from widespread, but T-Mobile customers should definitely keep an eye on their financial account statements and credit history to contact the police or law enforcement as soon as the first signs of "unauthorized transactions or activity" pop up.
Precautions and promises
Magenta is also offering affected users free access to credit monitoring and identity theft detection services for two years in partnership with TransUnion, all the enrollment instructions being available at the web address provided above.
Keep in mind that, while you should have already been notified of the data breach by text message if you're one of its victims, there's a chance T-Mobile couldn't reach you just yet. That means everyone should remain "vigilant" in the face of potential threats of identity theft or fraud. Additionally, the nation's third-largest wireless service provider urges its customers to be "alert for phishing emails", highlighting legit companies never ask for things like passwords, Social Security numbers, or bank account information over email.
While we're on the subject of passwords, this is also a good time to remind you to change the personal identification number (PIN) on your T-Mobile account to avoid the other big threat making the rounds right now.
As for what the "Un-carrier" plans to do to prevent these things from happening again... in four months, the promises are unfortunately as vague as always and the "it happens to everyone" explanation is bound to further enrage many people.
Things that are NOT allowed: