T-Mobile Cellular Breach

Last week we saw the mobile phone carrier T-Mobile fall victim to cybercriminal activity when a hacker accessed the personal data of their users.  They learned of the breach via claims that were made on an online forum.  This led to an investigation and hiring of cybersecurity experts to help with the situation.

They have not been able to confirm at this time whether financial information was compromised, but have confirmed the following data was breached:

• Driver’s license numbers
• Government identification numbers
• Social Security numbers
• Dates of birth
• T-Mobile PINs
• Names

As a result of this breach, experts were hired – at expert-level salaries, press-releases were written, web pages needed to be created with all the information that users would need, additional customer service channels needed to be established to answer questions, identity monitoring needed to be made available to all individuals affected, and much more.  This not only took the existing workforce away from their jobs, it required additional hiring of people and resources to accommodate the influx of calls.  And this had to be done while simultaneously addressing any reputational damage that occurred as a result of the breach. 

If this happened to your business, you'd likely have a much smaller pool of resources than T-Mobile. Who would you turn to for help? 

So, what can you do?

If you use T-Mobile, take actions to secure your account. 

Use this event to help you understand the impact of a breach and talk with your team about strong cybersecurity practices.

This also brings to light the importance of  cyber insurance in helping businesses recover from a data breach; but it should be made clear that cyber insurance is not an alternative to strong cybersecurity best practices.

Take Action Now

1. Change your password on your T-Mobile account and any other account that would share that password.  Moving forward, don’t use this breached password. Also, don't use the same password for multiple accounts!
2. Always use two-factor authentication.  This second way of verification may seem cumbersome initially, but it will save you much more work in the event of a data breach. 
3. Clean up your digital footprint.  Old accounts may have the same password as this breached account.  Even if you don’t use it, it may link the hacker to valuable information about you that can be cross-referenced to enable them to steal more of your data or identity!
4. Enable credit monitoring and freeze your credit.  This prevents any new accounts from being opened.

These steps, along with being diligent about looking at usage on your credit card accounts or bank statements will be important in the effort to mitigate any damage done by this breach.  While the effort should be ongoing, when a large breach like this occurs, it’s even more critical to take immediate action.