Hackers stole millions of Social Security numbers from T-Mobile. What should you do?

Hackers person recovered their mode again into T-Mobile's systems, the 4th reported breach of the company's information since aboriginal 2020. This time, the haul included delicate idiosyncratic accusation associated with astir 48 cardinal people, astir of whom were erstwhile oregon prospective customers of the self-styled "un-carrier."

Here is simply a breakdown of what happened, the risks you mightiness look and however you tin support yourself against them.

What accusation was taken?

According to the company, the stolen information included names, commencement dates, Social Security numbers and driver's licence information. In astir cases, the institution said, "no telephone numbers, account numbers, [personal recognition numbers], passwords, oregon fiscal accusation were compromised." However, immoderate 850,000 customers with prepaid accounts had their names, telephone numbers and relationship PINs exposed, T-Mobile revealed.

Hackers started offering the information for merchantability past weekend, according to information researcher Brian Krebs, who predicted that it would each upwind up online soon.

Although the imaginable fig of radical affected is huge, by T-Mobile's number it represents little than fractional the company's existent 105 cardinal customers. T-Mobile has said it volition notify the customers whose information was exposed and supply 2 years of individuality theft extortion work for escaped from the information institution McAfee.

What are the risks?

There person been truthful galore information breaches astatine truthful galore companies implicit the years, immoderate information experts accidental that overmuch of the accusation exposed by T-Mobile is astir apt already disposable connected the acheronian web. But that doesn't mean you should conscionable motion disconnected what happened. Those whose information were exposed look greater risks of individuality theft, phishing scams and different forms of fraud, Krebs warned.

Social Security numbers are wide utilized by the federal government, banks, concern companies, authorities payment programs and insurers to verify identity. Your stolen SSN tin beryllium utilized to unfastened fraudulent recognition paper accounts, divert oregon fraudulently cod benefits and perpetrate workplace fraud, among different forms of deceit. Throw successful your name, commencement day and driver's licence number, and it's exponentially easier for idiosyncratic to unreal to beryllium you.

Identity thieves could usage that accusation to people some you and the banks, insurers and different companies you bash concern with. For example, they could usage it to marque phishing emails look much realistic, helping to transportation you to springiness up further delicate accusation specified arsenic a password oregon PIN. Or they could usage it to dupe your slope into letting them alteration the password connected your account, giving them entree to your money.

For those whose telephone numbers were besides exposed, there's astatine slightest 1 much malign possibility: a SIM-swap attack. That's wherever idiosyncratic persuades your mobile telephone company to transportation your fig to a antithetic device, which helium oregon she past uses to effort to interruption into the accounts that you've tied to your telephone number. It's progressively communal for radical to usage their mobile numbers arsenic a mode to verify their identity—for example, erstwhile they log into their online banking account, oregon erstwhile they privation to reset their password. But that convenience tin backfire if your fig is hijacked, past utilized to impersonate you online.

How bash you support yourself?

The azygous champion happening to bash is to enactment a frost connected your recognition files, which volition forestall anyone from opening a caller account. It's escaped to spot a frost and to assistance it for your ain needs. But you person to interaction each of the 3 large recognition bureaus individually, which you tin bash online. Krebs besides suggests freezing the recognition files maintained by a fistful of smaller, specialized agencies. You should besides cheque your recognition people regularly, which is simply a bully mode to observe fraud aft it happens.

Credit- and identity-monitoring services, which typically transportation a monthly fee, tin besides assistance uncover the enactment of individuality thieves. They supply tools to forestall you from phishing and different forms of hacking combined with scanning services that look for your Social Security number oregon email code successful places online wherever it doesn't belong.

Meanwhile, T-Mobile has acceptable up a website suggesting much steps radical tin instrumentality to defender against fraud. Anyone with a smartphone would beryllium omniscient to instrumentality them:

• Create a PIN for your mobile telephone relationship to supply an other furniture of information against unauthorized changes successful your account, specified arsenic a malicious SIM swap. If you're a T-Mobile lawsuit and you person a PIN, acceptable a caller one.
• Activate T-Mobile's "account takeover protection" feature, which an other furniture of extortion connected apical of the PIN. Verizon goes further, automatically blocking SIM swaps by shutting down some the caller instrumentality and the existing 1 until the relationship holder weighs successful with the existing device.
• Change the password you usage to get into your mobile telephone account online. Changing passwords periodically is simply a bully signifier for each your accounts. And if you person occupation remembering dozens of passwords, effort a password manager app that tin support way of them for you.

On the positive side, two-factor authentication is becoming the modular online, and that's improving information crossed the web. But excessively galore sites promote you marque that 2nd origin a substance to your phone number, which encourages SIM swap fraud. Wherever possible, usage an authentication app instead.

---

---

2021 Los Angeles Times. Distributed by Tribune Content Agency, LLC.