For quite some time, Social Security numbers have been called the “Holy Grail” of personally identifiable information. With access to your SSN and a few other key data points, an identity thief could open new lines of credit and run up bills for large purchases for years to come. If you discovered the fraudulent card and canceled it, they could simply open up another one.

In any data breach, it was almost a relief to find out that the victims’ SSNs had not been compromised… but that may not be the case anymore.

As a newly announced data breach of T-Mobile’s network shows, our phone numbers can be a hot commodity for hackers. Hackers made off with the names, email address, some of the accounts’ passwords, account numbers and phone numbers for . The cellular provider discovered the incident on Aug. 20 and shut down the hackers’ access, then began the process of investigating and sending out notification letters to affected customers.

You might think a thief can’t really do much for this information, but that’s not true. With just the data compromised, identity thieves can port the affected customers’ phone numbers to a new SIM card, install it in a new handheld device and access any accounts that the user has connected through that phone number.

For example, a hacker can get into your email account, Amazon account, online banking or PayPal account and more by having the password reset link sent to the phone number associated with the accounts, even if two-factor authentication was in place. The thief can then access the victims’ text messaging, receive the one-time-use verification code and use it to change the victims’ passwords on any accounts where they’ve entered their phone number.

T-Mobile has already begun notifying the victims and offered them some key instructions, namely to change their passwords on their accounts. However, it’s also a good idea to change the passwords on any other sensitive accounts—not just the T-Mobile accounts—and to be on the lookout for any unusual activity. This might include notifications of logins from new devices, contacts from your account providers telling you of suspicious activity, any unusual deductions from your financial accounts and more.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: The Harm in Hoaxes on Social Media