“We were able to verify that a subset of T-Mobile data had been accessed by unauthorized individuals,” the company said in a statement. “We also began coordination with law enforcement as our forensic investigation continued. While our investigation is still underway and we continue to learn additional details, we have now been able to confirm that the data stolen from our systems did include some personal information.”
The company said the access point used by the hacker was located and closed. It said no financial or credit card information was compromised. However, officials confirmed that hackers apparently stole customers’ first and last names, dates of birth, Social Security numbers, and driver’s license/ID information. In short, criminals obtained the information needed to steal customers’ identities.
T-Mobile offers assistance to compromised customers
T-Mobile said it is taking the following steps to support customers whose data may have been compromised:
Immediately offering 2 years of free identity protection services with McAfee’s ID Theft Protection Service.
Recommending all T-Mobile postpaid customers proactively change their PIN by going online into their T-Mobile account or calling the Customer Care team by dialing 611 on their phone. This precaution is being taken despite the fact that we have no knowledge that any postpaid account PINs were compromised.
Offering an extra step to protect mobile accounts with Account Takeover Protection capabilities for postpaid customers, which makes it harder for customer accounts to be fraudulently ported out and stolen.
Publishing a unique web page later on Wednesday for one-stop information and solutions to help customers take steps to further protect themselves.
T-Mobile said it was also able to confirm that approximately 850,000 active T-Mobile prepaid customer names, phone numbers, and account PINs were compromised in the breach.
“We have already proactively reset all of the PINs on these accounts to help protect these customers, and we will be notifying accordingly right away,” T-Mobile said. “No Metro by T-Mobile, former Sprint prepaid, or Boost customers had their names or PINs exposed.”
Other steps consumers can take
T-Mobile customers affected by the breach may also take other steps to prevent identity theft. The first step should be placing a freeze on credit reports maintained by Experian, Equifax, and Transunion.
The freeze should be placed with all three companies. Someone using a stolen Social Security number will not be able to open new credit accounts as long as the freeze is in place. Fortunately, the process has gotten less complicated over the years. Here are the links to freeze credit information at the three companies:
Freezing credit reports prevents a criminal from opening a credit account in your name, but it prevents you from doing so as well. All three credit agencies make it possible to establish a PIN or password so that your credit can be unfrozen when you are applying for a loan or credit account.