- Mobile telecom providers U.S. Cellular, Mint Mobile and T-Mobile have all been breached in 2021. In fact, T-Mobile has been breached twice in 2021, and once in December 2020.
- If your mobile phone account is breached, you should freeze your credit, change your passwords and PINs, and, where available, protect yourself with multi-factor authentication (MFA or 2FA) through an app rather than text messages.
- You should also follow the steps in any data breach notification letter you receive or read in a public notice.
- Keep an eye out for phishing emails, closely monitor your financial accounts and contact your Department of Motor Vehicles (DMV) if your license number is exposed in the breach.
- If you believe your phone account is breached, or want to learn more, contact the Identity Theft Resource Center. Call toll-free (888.400.5530) or live-chat on the company website www.idtheftcenter.org.
The Rise in Mobile Data Breaches
The Identity Theft Resource Center (ITRC) has seen mobile data breaches rise, particularly in 2021. Customers of mobile phone companies that have not reported a breach also want to know what to do if their phone account information is exposed.
In January, U.S. Cellular suffered a data breach after hackers were able to scam employees to gain access to one retail store’s computer. In July, some Mint Mobile customers had phone numbers ported, leading to data being accessed. One month later, T-Mobile was breached when bad actors compromised its systems, impacting millions of documents. In fact, it is the second T-Mobile data breach in 2021 and the third since December 2020. Right now, Bleeping Computer reports that well-known threat actor ShinyHunters claims to be selling a database containing the personal information of 70 million AT&T customers. However, AT&T says it did not suffer a data breach.
Telecommunications companies continue to be targeted by identity criminals due to the importance of mobile devices in our daily lives. The rise in mobile data breaches means everyone needs to be prepared if they are impacted by a compromise. There are steps you can take to protect your information and to respond if your phone account is breached.
What You Should Do to Protect Yourself if Your Phone Account is Breached
- Freeze your credit. Monitoring your credit is informative because it alerts you to changes on your credit reports that may need further investigation if your phone account is breached. However, it does not offer protection. While it tells you what happened, it does not stop anything from happening. A credit freeze does. Freezing your credit is free, easy and does not impact your credit.
- Change your mobile phone account password and PINs. Also, change the passwords of other accounts with the same password or PINs as the breached account. You do not want the same passwords or PINs on more than one account. Cybercriminals want you to reuse them because reuse enables credential stuffing attacks, in which credentials stolen from one account are tried against your other accounts. The ITRC recommends you switch to a unique 12+ character passphrase because passphrases of that length are harder for criminals to crack. You can also use a password manager to generate and keep track of your credentials.
- Use multi-factor authentication (MFA or 2FA) on your accounts. MFA and 2FA provide an added layer of security, making it harder for hackers to gain access if your phone account is breached. Also, if possible, use an authentication app rather than having a code sent by text to your phone because the text messages can be spoofed and intercepted in a SIM swapping scheme. Authentication apps are available for free from Microsoft, Google and other software providers.
- FOR BUSINESSES: Don’t lose control over the information you don’t have. Don’t collect more information than you need. Don’t keep sensitive information longer than you need to complete the transaction. Keep the data you do collect and maintain safe and secure by encrypting it. Finally, make sure you offer MFA or 2FA for your customers’ and prospects’ protection when logging into their accounts.
Next Steps to Take if Your Phone Account is Breached
- Watch for data breach notification letters. It is easy to ignore a breach notification. However, there are usually important steps in the notices, like how to activate free identity protection services. Follow the advice offered by the impacted company.
- Be on the lookout for phishing emails. Identity criminals may look to exploit the data breach to get you to click on a malicious link or share sensitive information.
- Closely monitor your financial accounts (credit cards, banking, utilities, etc.). If you see anything out of the ordinary, it may be a sign of fraudulent activity.
- Contact the Department of Motor Vehicles (DMV) if your license is impacted. Notify the DMV in your state that your information may have been exposed. See if you can place an alert on your license number and check your driving record.
Contact the ITRC
Data breaches are inevitable. Consumers can do everything right and still have their phone account breached. If you believe your phone account is breached or want to learn more, contact the ITRC. You can speak with an expert advisor by phone (888.400.5530) or live-chat on the company website www.idtheftcenter.org. Advisors will answer any question you may have and help you through the resolution process.
The ITRC does not want anyone to panic. While it can be frightening if your phone account is breached, you will be able to work through any misuse of your information if you have a plan.