T-Mobile Data Breach

[Pib]

For you folks with T-Mobile numbers, like maybe the T-Mobile $3/month prepaid SIM, you probably heard about the very recent T-Mobile data breach where personal data for approx 50 million of T-Mobile's postpaid and prepaid customers was hacked.  See below T-Mobile website for full details....partial quote from the T-Mobile website also below.  Also lots of news stories on the issue....just google T-Mobile Data Breach.

 

https://www.t-mobile.com/brand/data-breach-2021

Quote

 

On August 17, 2021, T-Mobile learned that a bad actor illegally accessed personal data. Our investigation is ongoing, but we have verified that a subset of T-Mobile data had been accessed by unauthorized individuals and the data stolen from our systems did include some personal information. The latest details about the affected data are available here.

 

Our investigation is ongoing and this information may be updated. The exact personal information accessed varies by individual. We have determined that the types of impacted information include: names, drivers’ licenses, government identification numbers, Social Security numbers, dates of birth, T-Mobile prepaid PINs (which have already been reset to protect you), addresses and phone number(s). We have no indication that personal financial or payment information, credit or debit card information, account numbers, or account passwords were accessed.

 

 

I have a TMobile $3/month SIM I use to receive OTPs here in Thailand....like banking 2FA codes....pretty much only turn the SIM on when I need to receive a 2FA code...then I turn it off.  Today I got an email from T-Mobile saying:

Quote

Dear Customer,

 

T-Mobile has determined that unauthorized access to some T-Mobile data has occurred. We have no evidence that your debit/credit card information was compromised. We take protection of our customers seriously and we are taking action to protect your T-Mobile account.    Effective August 18, 2021, we have reset your account PIN to a randomly generated number. Since your wireless product does not receive text messages or our text message failed, you will need to contact our Customer Care team at 1-877-778-2106 to reset this PIN to your preferred 6-digit code.

 

So, I call 1-877 number from one of my other numbers were I can call the U.S. free, in about 10 minutes I get to talk to a T-Mobile rep and get my PIN reset to a number of my choosing.  The rep does need to send a OTP to your T-Mobile number during this PIN resetting process.   A no drama affair....PIN now reset. 

 

I also plan to sign-up for the free 2 year credit monitoring/identity theft protection being offered by TMobile due to the data breach.   It's talked about at the TMobile weblink above.   While I already have such free monitoring/protection provided by some of my banks and others institutions I figure it don't hurt to have one more.

[mtls2005]

Thanks for the heads up.

 

Never received an email.

 

They did void my old PIN.

 

I was able to call and reset to a new PIN. 

 

During the call I did not receive the (temporary PIN) SMS, so the rep sent another in an email. During which time the SMS arrived. 

 

FWIW I had called in on my Google Voice number, we got disconnected...the rep called me back on my GV number. Interesting when four phones are ringing, luckily on three mobiles it said "TMobile" calling (I have their 877 number in my contacts.)

 

[Pib]

 

Quote

I also plan to sign-up for the free 2 year credit monitoring/identity theft protection being offered by TMobile due to the data breach.   It's talked about at the TMobile weblink above.   While I already have such free monitoring/protection provided by some of my banks and others institutions I figure it don't hurt to have one more.

I did sign-up for this.  Easy enough.  initiated the process on the T-Mobile website by entering your email address and T-Mobile number....it then says in a day or two you will get an email with further signup instructions.  That email showed up today and you basically complete the signup by entering your name, address, SSN, etc., and then an Identity Check is accomplished where their system spends a few seconds evaluating your data and then presenting you with some multiple choice questions based on public records to confirm your identity....pretty similar to the Identity Check that U.S. financial institutions frequently run when signing up for a new account online.    

[mtls2005]

11 hours ago, Pib said:

That email showed up today and you basically complete the signup by entering your name, address, SSN, etc., and then an Identity Check is accomplished

At first I thought the email was a phishing expedition, after all it came from "Identity Theft Prot.", not sure I want to give more family jewels away to another company. And they want everything short of a DNA test. Fool me once...

 

Especially one founded by a tax-evading criminal who chose to hang himself in a Spanish prison before being extradited to the U.S.

 

Sure it's free, but, meh. I'd rather pay for a decent service, assuming I even need one.

[TallGuyJohninBKK]

On 9/2/2021 at 8:28 PM, Pib said:

That email showed up today and you basically complete the signup by entering your name, address, SSN, etc., and then an Identity Check is accomplished

In other words, McAfee wants you to now tell them all your personal info details that already were swiped/leaked out of the T-Mobile database for many/all of their customers.... 

 

Once T-M coughed up your name, DOB, SSN, DL, address, etc, it sounds like just about the only segment of data that T-M supposed didn't leak was the bank account/bank card data used for making account payments.  Or, at least, that's what they claim!

 

I guess we should be grateful for small favors:  ????

 

"We have determined that the types of impacted information include: names, drivers’ licenses, government identification numbers, Social Security numbers, dates of birth, T-Mobile prepaid PINs (which have already been reset to protect you), addresses and phone number(s). We have no indication that personal financial or payment information, credit or debit card information, account numbers, or account passwords were accessed."

 

 

Edited September 5, 2021 by TallGuyJohninBKK

[Pib]

19 hours ago, TallGuyJohninBKK said:

Once T-M coughed up your name, DOB, SSN, DL, address, etc, it sounds like just about the only segment of data that T-M supposed didn't leak was the bank account/bank card data used for making account payments.  Or, at least, that's what they claim!

To the best of my knowledge, when I signed up for my TM $3/month prepaid SIM around 5 years ago I didn't have to provide my SSN, DOB, or DL...just had to provide a U.S. address to mail the SIM to....and that address was a relative's address who remailed the SIM to me in Thailand.  And to this day my relatives address is still on my TM profile when I log on....I never updated it.  So, for me, TM had my name, my relative's address, and a credit card number. 

 

Hopefully TM is is telling the truth regarding credit card data not being hacked.  I have already changed my  TM logon password and PIN.  So, if the hackers got my info, they only got my name and a relative's address which is not enough info for anyone to do anything....you can get that info off public databases, the phone book, driving around the neighborhood and looking at mailboxes, etc.

 

 

[Pib]

On 9/3/2021 at 8:18 AM, mtls2005 said:

At first I thought the email was a phishing expedition, after all it came from "Identity Theft Prot.", not sure I want to give more family jewels away to another company. And they want everything short of a DNA test. Fool me once...

 

Especially one founded by a tax-evading criminal who chose to hang himself in a Spanish prison before being extradited to the U.S.

 

Sure it's free, but, meh. I'd rather pay for a decent service, assuming I even need one.

John MaAffee resigned from the McAffee company in the mid 1990s leaving only his last name behind since the McAfee brand was so well known.  Typical for companies ownership change where the new owner buys the rights to continue using the previous company's name since the name is so well known...a brand name.

 

https://en.wikipedia.org/wiki/John_McAfee

https://en.wikipedia.org/wiki/McAfee

[mtls2005]

9 hours ago, Pib said:

John MaAffee resigned from the McAffee company in the mid 1990s leaving only his last name behind

 

Of course, we all know this.

 

I only mentioned that he "founded" the company, and did not mean to imply that he was still involved with day-to-day management from beyond the grave. ????

 

 

[TallGuyJohninBKK]

23 hours ago, Pib said:

To the best of my knowledge, when I signed up for my TM $3/month prepaid SIM around 5 years ago I didn't have to provide my SSN, DOB, or DL

 

Yes, the amount of info the mobile providers require for prepaid plans typically is a lot less than for postpaid service. TM listed all those categories above -- SSN, DOB, DL, etc. -- as being among the data types that were stolen. So presumably those more intimate kinds of info apply more to their postpaid customers than to their prepaid ones.

 

When I said "your" in my prior post, it was a general "your" relating to TM customers who have been victimized by their hack, not a specific comment regarding your individual situation.

 

 

Edited September 7, 2021 by TallGuyJohninBKK