T-Mobile Data Breach Exposed Personal Data of 37 Million Customers

T-Mobile announced that a bad actor obtained personal data on approximately 37 million of its postpaid and prepaid customers in a recent SEC filing. The cybercriminal first retrieved data starting on or around Nov. 25, 2022. T-Mobile identified the data breach on Jan. 5, 2023. Stolen customer data includes:

• Names
• Billing addresses
• Email addresses
• Dates of birth
• T-Mobile account numbers
• Plan information, such as number of lines on accounts and plan features

Many of the exposed accounts didn't include full data sets. The data breach also didn't include any payment card information, Social Security numbers, tax IDs, passwords, or financial account information.

T-Mobile said in its filing that "Our investigation is still ongoing, but the malicious activity appears to be fully contained at this time." It has started notifying customers whose information may be compromised. It's also working with federal agencies and law enforcement.

So what

With the amount of information companies have on us, data breaches are an ever-present concern for consumers. They also happen alarmingly often. There were 1,862 data breaches in 2021, a five-year high, according to recent identity theft statistics.

This latest data breach continues a troubling pattern for T-Mobile. The wireless carrier has now been hacked five times since 2018.

Fortunately, the leak didn't include the most sensitive customer data, like Social Security numbers or credit card numbers. But customers whose information was leaked could receive spam or be the target of scammers.

Now what

If you're a T-Mobile customer, be on the lookout for scams, like phishing attempts. That's when a scammer contacts you and pretends to be a legitimate organization to get personal information. Since email addresses and account numbers were part of the data breach, it's possible that scammers use email and text message phishing to try and steal more of your data.

Keep an eye on your credit, as well. It's unlikely that someone would be able to open a credit account in your name after this T-Mobile data breach. They'd generally need your Social Security number for that. Still, it's smart to be vigilant, just in case. Several credit card companies offer free identity protection you can use to monitor your credit. In addition, you can get free weekly credit reports for all of 2023.

If you want even more protection, there are two things you can set up with the credit bureaus to help prevent identity theft:

• A credit alert requires creditors to perform additional identity verification, such as calling you at a phone number you provide, before opening an account in your name.
• A credit freeze prevents anyone from pulling your credit, which stops creditors from opening an account for you. If you want to open a new account, you can unfreeze your credit.

It's up to you how cautious you want to be. The information that was leaked probably isn't enough for identity theft. Monitoring your credit and watching out for scams should be enough to keep your identity and your finances safe.