T-Mobile just announced that after last week’s “highly sophisticated” cyberattack that approximately 53.1 million former and current customers’ information was compromised.
With no indication of whether financial information was also compromised, customers’ impacted information could include names, drivers’ licenses, government identification numbers, Social Security numbers, dates of birth, and T-Mobile prepaid PINs.
The compromised information was found being offered for sale on a deep web online forum. Cybercriminals could use the stolen data in smishing, phishing, or other fraud attacks such as identity theft and SIM-swapping. This identity theft attack disconnects your phone from your carrier and gains complete command of your phone number on another device in their control.
So what does this mean for you?
Update your T-Mobile PIN/Passcode. If you are a current or former T-Mobile customer, start by changing your account password and PIN/Passcode. While believed that former customers had their PINs compromised, it is better to take precautions. You can do this by following T-mobile’s instructions on how to update your PIN/Passcode.
Smash Potential Smishing. Be cautious of potential smishing attacks asking you to reset your password. Hackers may use this breach to their advantage and send an SMS with a password reset link to capture your login credentials.
Rethink your two-factor authentication. If you’re still using MFA that sends a one-time code via text message associated with your account, it’s time to rethink how you use MFA. In the event of a SIM swap attack, criminals can access your account information and wait for the code to be sent to the phone in their control. Opt for an authentication app that lives on your mobile devices, such as Google or Microsoft Authenticator apps.
Safeguard your clients’ information The last thing you want for your enterprise is to face lawsuits and lose the trust of your customers when it comes to handling their personal information. T-mobile has been subject to a handful of data breaches in less than three years and is now facing yet another class-action lawsuit over the data breach.
Maintain your company’s reputation and trust by safeguarding customers’ sensitive information. Be proactive, not reactive to cyber hacks, and respond to potential threats before they happen. You can significantly minimize reputational damage to your business and gain confidence in your clients’ trust.