T-Mobile has confirmed that it has been the victim of a data breach, which could affect as many as two million customers. According to a report on TechCrunch.com, the cell giant, which is currently merging with Sprint, said in a statement that hackers stole sensitive customer information including names, billing, zip codes, phone numbers, email addresses, and account numbers and account type (if an account was prepaid or postpaid). The company says no financial or billing data were compromised. It is not known when the breach occurred, but the unauthorized access was detected and shut down Aug. 21.
Problems with Data Security
T-Mobile said it discovered and stopped the breach “very quickly” and that it only affected a “small number” of customers. However, Motherboard reported about 3 percent of the company’s 77 million users were affected, which adds up to 2 million accounts. T-Mobile began notifying customers of the breach the morning of Aug. 24 with a text message sent to affected accounts. Some customers were concerned about the short link in the text message, which they said, looked like phishing.
This is the latest in a string of security incidents at T-Mobile over the last year. In May, a security researcher found a weakness in a T-Mobile subdomain used by staff, which returned consumer data without requiring a password. This was similar to a vulnerability found in another T-Mobile system a few months before, which exposed customers’ email addresses, billing account numbers and the phone’s IMSI numbers. Earlier this year, T-Mobile and other carriers, were also forced to stop sharing customer location with third parties after they were criticized by legislators for the practice.
What to Do If You Have Been Affected
Here are a few steps you can take if your important information has been compromised by a data breach:
- The first step is to figure out what the hackers took. For example, if they got your username and password, there’s not much point in alerting your credit card companies. You need to find out specifically what information was leaked so you can take the appropriate actions.
- Change your password right away. Don’t even wait for an email from the company. If you have been using the same password on other sites, change it there as well. Never reuse passwords.
- Use a password manager. These are programs that can create new, hard-to-guess passwords and save them for every online account you have. They can also protect your passwords with encryption and make them available across all your devices.
If you have been affected by a data breach, you may be able to recover damages or file a class action lawsuit against the negligent company. Contact an experienced class action lawyer for more information.