How to Protect Yourself After the T-Mobile Big Data Hack
T-Mobile has confirmed that the data breach has affected a subset of its customers, and additional TechCrunch reports put the figure at about 1 million (or so). In other words, this is a big gap, but don’t worry. Don’t ignore it, but don’t be nervous either.
As T-Mobile writes in its public disclosure:
“Our cybersecurity team has detected and blocked malicious unauthorized access to some information associated with your T-Mobile prepaid wireless account. We immediately reported this to the authorities. None of your financial details (including credit card details) or social security numbers have been involved and no passwords have been compromised.
Data access consisted of information associated with your prepaid service account, including your name and billing address (if you provided one when you created your account), phone number, account number, service plan and features, such as whether you added a feature international calls. “
Here’s the good news. Since the ‘plan and features’ bit requires T-Mobile to notify victims, if you haven’t heard from the carrier yet, chances are good that you don’t know anything. It is also possible that you do not have the correct contact information associated with your account for T-Mobile to notify you, so it is worth double checking this in your account settings to be sure. If you are paranoid, you can always call T-Mobile customer service (611 on your T-Mobile phone) to confirm that your account is or is not affected.
If you receive a notification that means your data is somehow tied up in this mess, hope is not lost. First, the stolen data is not particularly dangerous because the attackers did not get their hands on more important information, such as your payment details, passwords, or social security number.
What they stole could most likely only be used to impersonate you, either on T-Mobile or another service where someone knows you have an account. And there is no guarantee that having your phone number or billing address will be enough to convince a customer service agent that it is you; these are pieces of a larger puzzle, but probably not so big as to worry about. (And besides, you can’t just change your address, and you don’t have to worry about changing your primary phone number.)
What can you do in the meantime? If you’re nervous, consider setting up apassword or PIN using T-Mobile. Thus, whenever you (or anyone else is trying to be you) contact support, they will have to provide this specific information in order to proceed.
And make sure you don’t forget this PIN or passcode, otherwise you may have to personally go to the T-Mobile store to verify that you are who you say you are if you have problems with your account. … According to T-Mobile , “If we are unable to verify the identity of the caller using these methods, it is our policy not to release any specific account information over the phone.”