T-Mobile’s email vendor was compromised by a malicious attack, according to a Notice of Data Breach published by the company yesterday. For some customers, this led to the exposure of names and addresses, phone numbers, and billing information. Other customers had their Social Security numbers and financial info (credit cards) exposed on top of the aforementioned data.
If you’re one of the T-Mobile customers whose information has been compromised by this breach, then you should receive a text message containing a “T-Mobile Alert” along with a link to one of two “Notice of Data Breach” pages on the T-Mobile website. One page is for customers who had their financial info exposed, the other is for customers who didn’t lose financial data.
We don’t know how many customers were impacted by this data breach, or if any passwords were compromised through the incident.
So, what now? If your financial info or Social Security number were potentially compromised by this breach, you should start by freezing your credit (which prevents people from opening accounts in your name) or activate a fraud alert. All customers impacted by this breach should change their passwords, and consider using a password manager to diversity their password pool without writing down a bunch of information by hand. Also, activate two-factor authentication for any service that allows it!
For what it’s worth, T-Mobile is offering a TransUnion credit monitoring service to all customers who lost financial info in this breach. In our experience, these credit monitoring services aren’t as effective as freezing your credit or securing your identity through strong passwords and manual credit monitoring (through something like Credit Karma).