T-Mobile Data Breach website allows anyone to sign up for identity theft protection

T-Mobile Data Breach website allows anyone to sign up for identity theft protection

Late Wednesday (August 18), T-Mobile posted a new webpage to assist current, former, and prospective customers affected by the company's latest data breach.

First, it is worth noting that T-Mobile does not appear to be limiting its offer of free two-year McAfee identity theft protection to affected individuals. Instead, from the required information, it appears that T-Mobile is allowing anyone to sign up.

This is highly unusual. Typically, a company that suffers a data breach will contact those affected by email or a letter posted to notify them that their data has been compromised.

When identity theft protection is offered, the letter or email contains a code that allows affected individuals to register with the service. This obviously discourages freeloaders who just want free identity protection.

However, on T-Mobile's free identity theft protection registration page, all one needs to provide is an email address or phone number. When I did so, the next screen told me that I would receive an email within a few days with instructions on how to register for the ID theft protection service.

Everyone who has ever had a postpaid T-Mobile account (an account that receives a monthly bill) should register for this protection service. In addition, everyone who may have signed up for a T-Mobile account in the past 20 years should sign up, regardless of whether they have an account or not.

Overall, however, opening the door to everyone may mean that T-Mobile does not know how to contact everyone affected.

According to T-Mobile's own figures, not only have 7.8 million current T-Mobile customers had their names, addresses, dates of birth, and social security numbers compromised, but also just over 40 million former customers and people who applied for T-Mobile accounts but were unable to obtain them.

With word that more than one in five American adults may have been affected by this data breach, it makes sense that T-Mobile would want to cast a wide net.

Current T-Mobile customers with valid accounts should be easy for the company to contact, but previous customers may have changed their email addresses or phone numbers.

Prospective customers who have not opened accounts may be even more difficult to contact, especially if the stolen data dates back to T-Mobile's founding in 2002.

T-Mobile may want to look through the stolen data and match the names and phone numbers of those whose identities were actually stolen with applicants who want free identity theft protection. if you receive an email from T-Mobile with instructions on how to set up identity theft protection, we will we will let you know.

Other aspects of T-Mobile's data breach assistance page are pretty good: changing your T-Mobile account PIN, changing your T-Mobile account password, activating T-Mobile's free account takeover protection and fraud shield features, and information breach related McAfee ID theft prevention features.

If you are a current or former customer of T-Mobile, you should change your account PIN and password immediately. The company has already reset the PINs of T-Mobile's prepaid customers because their passwords and PINs were definitely stolen, and postpaid customers should do the same.

And, at the risk of beating a dead horse, consider switching to another carrier. This is at least the fourth and possibly sixth major T-Mobile data breach in the past three years. It will not be the last.

Categories