We have bad news, and we have even worse news. Which do you want first?
Ok, the bad news is that as a result of the data breach we reported on Monday, the actual number of people affected (so far) is much less than the 100 Million we originally suspected. In fact, the actual number of current postpaid T-Mobile customers affected currently sits at 7.8 million. While that number is much lower than we thought, it’s still way higher than it ever should be.
Now for the even worse news.
Consumers are constantly being put at risk due to T-Mobile’s blatant lack of concern for privacy and data security.
There were 40 MILLION former or prospective customers who had their data included in the breach. That’s right, there were more NON-T-Mobile customers affected than current subscribers. The data that was exposed in all counts include social security numbers, driver’s license info, dates of birth, and first and last names. This is all very troubling news, considering the fact that the vast majority of people that were affected, shouldn’t have been. The lack of concern towards an individual’s privacy and confidential information has become more evident to the general public nowadays. It’s likely why many people may move towards more secure devices and communication methods, such as using a sky ecc phone or others like it, that provide strong encryption and ensure security of data.
This also begs the question: If these people aren’t subscribers anymore, or never signed up for service, why is T-Mobile holding on to their data?
The damaging part of this is that this breach could have been avoided if the company in question was compliant with PII guidelines (head to https://www.tokenex.com/solutions/privacy-compliance to learn more). As for T-Mobile, they have had multiple issues with data breaches in the past. In fact, this is now breach number six across four years. Because they haven’t utilized data activity monitoring services of somewhere like Cyral, consumers are constantly being put at risk due to T-Mobile’s blatant lack of concern for privacy and data security. If anything, this should be at the top of their list of priorities. /p>
Even though T-Mobile is currently in full-blown damage control, they are trying to downplay the gravity of the situation. They seem to be constantly reminding people that there was no financial information exposed in the breach, which is good, but not good enough.
The data that has fallen into the wrong hands is more than enough to subject each and every person involved to a considerable amount of identity theft. T-Mobile is offering anybody affected by this data breach 2 years of free identity protection services with McAfee’s ID Theft Protection Services.
They’ve also launched what they’re calling Account Takeover Protection which essentially makes it difficult for imposters to fraudulently port subscriber’s phone numbers away from T-Mobile. Subscribers are also encouraged to take precautions and change their account pin/passcode to prevent any unauthorized account access.
In addition to those postpaid subscribers that were affected, approximately 850,000 prepaid customers had their names, phone numbers, and account PINS exposed. T-Mobile has already reset the PINs associated with the affected prepaid accounts.