In August of 2021 hackers offered for sale on the Dark Web data of what they said was 100 million customers of phone carrier T-Mobile. This was the first indication that T-Mobile had been hacked. Soon hereafter T- Mobile confirmed the data breach but said that the number of people affected was approximately 76 million people. The information being sold included names, phone numbers, Social Security numbers and addresses. Also being sold were the PINS used by some T-Mobile customers to protect their accounts from identity theft. This type of information poses a tremendous threat of identity theft to victims of the data breach, which was the sixth for T-Mobile in the last four years.
Social Security numbers can be used by identity thieves to apply for credit cards and loans in your name. In addition, the phone numbers and the fact that the victims of the data breach were known to be T-Mobile customers enabled the hackers to create phony phishing text messages posing as T-Mobile to lure the targeted victims into clicking on links in the text messages that would download destructive malware.
As a result of T-Mobile’s history of inadequate cybersecurity, the FCC brought legal action against T-Mobile which it settled in 2024. According to the terms of the settlement, T-Mobile agreed to pay a $15.75 million civil penalty as well as allocate an additional $15.75 million into strengthening its cybersecurity program. As is typical in settlements such as this, T-Mobile did not admit it did anything wrong and promised not to do it again.
In addition to the FCC lawsuit, a class action on behalf of victims of the data breach was filed and eventually settled in 2022 for $350 million. Customers could claim reimbursement for out-of-pocket losses and lost time due to dealing with the effects of the data breach. Other victims could make a claim for a cash payment of $25 or $100 if they were a California resident. Now, three years later checks are going out this month to victims of the data breach. Any funds left over from the $350 million dollars T-Mobile agreed to pay pursuant to the settlement after the disbursements are made this month will be split equally among all of the victims of the data breach.
When it comes to data breaches, it is not a matter of if you will become a victim, it is a matter of when. Verizon publishes an annual report about data breaches. This year’s report confirmed 12,195 data breaches last year, which is an increase of 34% over the previous year. More than 1.35 billion people were affected by data breaches last year.
Regardless of how diligent you are in protecting your personal information such as your Social Security number, you are only as safe as the myriads of companies, institutions and government agencies with the worst security practices that have your personal information.
So what can you do to protect yourself from data breaches?
1. Freeze your credit report. It is free and easy to do. It protects you from someone using your identity to obtain loans or make large purchases even if they have your Social Security number. If you have not already done so, put a credit freeze on your credit reports at each of the three major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:
Equifax
Experian
TransUnion
And while you are at it, you should freeze your credit at NCTUE. While many people are aware of the desirability of freezing your credit at Experian, Equifax and TransUnion, most people are not aware of the National Consumer Telecommunications and Utilities Exchange (NCTUE) which is the credit reporting agency used by the major cell phone service companies. More and more scammers are opening cell phone accounts in the names of their unwary victims who may have actually frozen their credit with Equifax, Experian and TransUnion, but not with NCTUE. You can freeze your credit report with NCTUE over the phone at 866-349-5355 or online.
2. Don’t leave your credit card on file with online retailers for the sake of convenience. Input your credit card each time you make a purchase and never use your debit card for online purchases because it does not provide the same protection from fraudulent use that you get with your credit card.
3. Don’t provide your Social Security number to every company that asks for it as an identifier. Your doctor has no need for your Social Security number so whenever possible refuse to provide it.
Read the full article here
