T-Mobile Data Breach Included Personal Information of Almost 50 Million Customers
T-Mobile has issued a statement with further details about a cyberattack that the company confirmed earlier this week, confirming that the data breach included the personal information of almost 50 million current, former, and prospective customers.
Late last week, T-Mobile confirmed that a forum post that purported to offer data from more than 100 million people was the result of a company data breach. At that time, it was not known if personal customer data had been accessed, but T-Mobile has now confirmed that the stolen data included personal information, such as customer names, dates of birth, SSN, and identification such as driver's licenses. There is as yet no indication that the data contained information about customer financial or payment information.
Currently, the information of 7.8 million current T-Mobile customers is believed to have been stolen, as well as information of over 40 million former or prospective customers. The company has been able to confirm that approximately 850,000 active T-Mobile prepaid customer names, phone numbers, and account PINs were also exposed, leading the company to proactively reset all of these PINs.
Customers are due to be contacted shortly with the news that T-Mobile will immediately offer two years of free identity protection services with McAfee's ID Theft Protection Service, implement an additional step to protect mobile accounts with Account Takeover Protection, and publish a new web page for information and solutions for customers to further protect themselves. Customers will also be encouraged to change their account's PIN. T-Mobile's investigation into the data breach is ongoing.
Top Rated Comments
Perhaps for the purposes of credit. People can generate two keys. One being a one time use for a credit check. The second only able to send updates. Such as credit limits, usage, missed payments, &c. But is not possible to use for any new credit checks, lines of credit, &c.
That way people won't have to reveal their SSN. This could also be applied to employers, 1099 wages and so forth. They don't need your SSN. An alphanumeric key only good for reporting wages and such is all they need. As it would be keyed to your SSN.
Basically a system which minimizes the number of sources with your actual SSN. While still allowing checks and reporting. With random keys which have a limited scope of usage.