Update: More On T-Mobile Data Breach

T-Mobile is confirming that their system was breached. According to details released by T-Mobile, approximately 7.8 million current T-Mobile postpaid customer accounts’ information was stolen. The data also includes just over 40 million records of former or prospective customers. Today’s post will cover the details that T-Mobile has admitted to so far. Update: More On T-Mobile Data Breach

What Has T-Mobile Admitted So Far 

As part of the T-Mobile admission (so far), they have acknowledged

• They located and immediately closed the access point that used to illegally gain entry to the servers.

We know that was the case as the hacker had even acknowledged that he no longer had access last week.

• Our preliminary analysis is that approximately 7.8 million current T-Mobile postpaid customer accounts’ information appears to be contained in the stolen files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile. Importantly, no phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of these files of customers or prospective customers.

So even if you aren’t a T-Mobile customer, if you applied at any time, you may be affected by the breach. If you see what T-Mobile posted, the hacker claimed to have the IMEI numbers which are specific to each phone.  T-Mobile has not acknowledged if the IMEI numbers are included in the breach.  Also, T-Mobile says that PINs and Passwords are not effective for most (just for some – see below). Tech Geek and More and T-Mobile both recommend that all users reset their passwords and pins, and has a post, Change T-Mobile Password & Pin with the How To Info.

• Immediately offering 2 years of free identity protection services with McAfee’s ID Theft Protection Service.

As expected T-Mobile is offering 2 years of identity protection services, to cover this breach.  Unfortunately, it’s only 2 years of coverage.  What happens after 2 years, because once your data is exposed, it doesn’t suddenly disappear in 2 years.

• At this time, we have also been able to confirm approximately 850,000 active T-Mobile prepaid customer names, phone numbers, and account PINs were also exposed. We have already proactively reset ALL of the PINs on these accounts to help protect these customers, and we will be notified accordingly right away

If you are one of 850k prepaid T-Mobile customers, your pin has already been reset.

Final Thought 

This isn’t the 1st time T-Mobile has been hacked. You would assume they would have figured it out by now. Hopefully, they will finally get serious about the security of their customers’ info.

Source 

• T-Mobile –T‑Mobile Shares Additional Information Regarding Ongoing Cyberattack Investigation