Stolen T-Mobile data found for sale on the dark web

Photo (c) putilich - Getty Images

Florida’s attorney general urges affected consumers to take protective action

Florida Attorney General Ashley Moody says her office has learned that personal information stolen during last year’s T-Mobile data breach has begun showing up for sale on the dark web.

Hackers stole the data last August, obtaining consumers’ names, dates of birth, Social Security numbers, and driver’s license information. It’s estimated that the thieves hauled in personal information on as many as 53 million people.

“It is extremely important that consumers who had their personal information exposed during last year’s T-Mobile data breach take immediate action to secure and protect their identities,” Moody said. “A large subset of the information is being sold on the dark web, increasing the likelihood that the data breach victims could have their identities stolen and personal finances compromised.”

Credit monitoring

Some affected consumers have obtained the services of one of the credit monitoring companies to alert them to fraudulent activity.

Paul, of Reynoldsburg, Ohio, opened an account with Identity Guard and was initially unimpressed with the company's service. However, he improved his rating for the company after a representative reached out and offered to provide personal assistance.

"We appreciate the feedback as we always make sure to review and research all issues and concerns. We will have a specialist from our Alerts and Restoration department reach out to you to obtain more details and to offer assistance," the company told Paul.

Unfortunately, that kind of turnaround doesn't happen for everyone. Richard, of Boulder, Colo., signed up with AllClear ID and hasn’t found that service to be that useful, even though the company informs him when his data is found on the dark web.

“They'll also say ‘password found,’ but ‘For your security, we do not display your password in an effort to stop further exposure.’ Because there's not even a hint of which password it was, and there's also not an indication of which site(s) it was associated with, there is literally nothing to do with this notification except feel bad -- unless you want to change your passwords across every single site you use,” Richard wrote.

Actually, security experts say that isn’t a bad idea. They saw all passwords should be changed on a regular basis.

Credit Freeze offers the best protection

Moody says there are other proactive steps consumers can take to protect their identities. She suggests placing a credit freeze on credit reports. That will block identity thieves from opening credit accounts in the victim’s name.

To place a credit freeze, consumers must contact each of the three credit bureaus to request it. Here’s the contact information:

Equifax: Visit: Equifax.com/Personal/Credit-Report-Services/Credit-Freeze/ or call 1(888) 766-0008.

Experian: Visit: Experian.com/Freeze/Center or call 1(888) 397-3742.

TransUnion: Visit: TransUnion.com/Credit-Freeze or call 1(800) 680-7289.

A less extreme step is to place a “fraud alert” on all three credit reports. A fraud alert tells lenders and creditors to take extra steps to verify a consumer’s identity before issuing credit. Fraud alerts can be placed by contacting any one of the three major credit bureaus.

Quick and easy. Get matched with a Home Security partner.