T-Mobile has revised upward its estimate of the number of people affected by the recent data breach, adding another 6 million accounts, bringing the total to 54 million, in a blog post updated today (August 20).
If there is a silver lining, none of these new 6 million people had their Social Security numbers stolen, but most had their names, dates of birth, and phone numbers compromised. These people are at slightly lower risk of identity theft than the 48 million whose SSNs and driver's licenses were stolen.
In less good news, about 13 million current T-Mobile customers had their IMEI (International Mobile Equipment Identity) numbers, which identify their phones, and their IMSI (International Mobile Subscriber Identity (IMSI) number that identifies the SIM card, as well as their phone numbers were actually compromised.
Everyone affected by this breach is entitled to two years of free McAfee Identity Theft Protection, paid for by T-Mobile. At this time, anyone can sign up to try this deal, whether or not they are associated with T-Mobile, but there is no guarantee that they will actually qualify. [Meanwhile, litigation has also begun, and according to Vice Motherboard, a class action complaint was filed yesterday (August 19) in federal court in Washington state on behalf of four people allegedly harmed by T-Mobile's data breach. The lawsuit does not specify the amount of the award, but demands a jury trial.
If you have a T-Mobile account or have just signed up for one, you should take the company's offer of free identity monitoring. That's true even if you already have identity theft protection coverage, either as a result of another data breach or as a result of a self-paid identity theft protection coverage.
You should also change your password and PIN for your T-Mobile account; T-Mo says that only about 900,000 prepaid customers (including 52,000 Metro by T-Mobile users as of today) had their PINs and passwords compromised and that it has stated that they have already reset their PINs.
Perhaps as a result, T-Mobile's official data breach response page has also been changed, removing links to reset T-Mobile PINs and reset T-Mobile passwords.
If you are one of the 48 million people whose name, address, date of birth, or SSN was stolen, or one of the 6 million people whose everything but address and SSN was stolen, contact one of the credit Big Three (Equifax, Experian, or TransUnion) and have your credit file to have a fraud alert posted to your credit file.
The agency you contacted will notify the other two. Here is how to initiate a fraud alert.
You should also consider placing a credit freeze on each of the Big Three. You will need to contact each company individually, and here is how to do so A credit freeze could complicate efforts to get a loan or open a new payment account, but could temporarily "unfreeze" the file for a day or two if necessary.
It is not easy to track down the various people affected by this T-Mobile leak, but this is the latest best effort.
T-Mobile claims that no credit card or other financial information was compromised in the breach.
Comments