T-Mobile has become the most recent telecom giant to announce a data breach affecting a large number of U.S. customers. As part of the T-Mobile data breach, more than one million prepaid service accounts were affected, which included names, addresses, phone numbers and information about customers’ rate plans, calling features and international calling.
This information may not appear to be very damaging. After all, there is no financial information or identifying data from the T-Mobile data breach that could allow thieves to open a new line of credit or a new account. However, the information that was compromised could still be used for malicious purposes. By having detailed information on what plan a customer has and what calling features they subscribe to, it would not be very difficult to convince a T-Mobile associate that the hacker is actually the account holder, and then solicit the employee’s help in taking over the account entirely.
T-Mobile has not answered some key questions about the T-Mobile data breach, such as the specific number of customers who were affected and whether it was a breach of its customer website or another online source. While the company should be applauded for a rapid response to discovering the T-Mobile data breach, there is other pertinent information that the public and security experts alike could benefit from knowing.
Many of the customers have already received a text message notification about the T-Mobile data breach, which is another possible cause for concern. Users have to be able to discern between genuine communications from the company and phishing attempts by hackers who are posing as T-Mobile representatives. Any message that asks you to confirm your information, especially sensitive things like your password or PIN, is suspicious and the company has said it will never contact its customers for that kind of data.
This is true of most companies, whether there has been a data breach or not. Phishing attacks work because the victim thinks they are talking to someone from the business. Instead, it is a cleverly disguised copy of a company communication. In any event, there is never a reason to verify your identifying information for someone who contacts you, no matter what form the communication takes. Ignore the message and go directly to your account online in order to verify that everything is okay.
You might also like…