T-Mobile customers file class action lawsuits as investigation finds 53 million affected by data breach

Business

Business Insider 21 August, 2021 - 02:12pm 39 views

Did T Mobile get hacked?

T-Mobile said it learned late last week that an individual in an online forum claimed to have breached its systems and was attempting to sell stolen customer data. The company confirmed on Aug. 16 that it was hacked, later adding that attackers made off with personal data from 54 million people. The Wall Street JournalT-Mobile Data Hack: What We Know and What You Need to Do

Data on millions of additional customers was also compromised, T-Mobile said.

T-Mobile revealed Friday that the personal data of more than 5 million additional customers was compromised in the recent cyber attack, bringing the total number of people impacted to over 50 million.

The company revealed earlier this week that it was the victim of a "highly sophisticated cyberattack," and that the data of millions of current and prospective customers -- including names and social security numbers -- had been compromised. The company reiterated on Friday that it has no indication any of the stolen files include financial information or credit and debit card information.

"We previously reported information from approximately 7.8 million current T-Mobile postpaid customer accounts that included first and last names, date of birth, SSN, and driver’s license/ID information was compromised," the company said Friday, adding that it also determined phone numbers and IMEI and IMSI information (identifier numbers associated with a mobile phone) were also compromised. "Additionally, we have since identified another 5.3 million current postpaid customer accounts that had one or more associated customer names, addresses, date of births, phone numbers, IMEIs and IMSIs illegally accessed."

The company said the additional accounts, however, did not have any social security numbers or driver's license information compromised.

"We also previously reported that data files with information from about 40 million former or prospective T-Mobile customers, including first and last names, date of birth, SSN, and driver’s license/ID information, were compromised," the company added. "We have since identified an additional 667,000 accounts of former T-Mobile customers that were accessed with customer names, phone numbers, addresses and dates of birth compromised."

Similarly, the company said social security numbers or driver's license information for the additional batch of accounts was not accessed.

T-Mobile said it is offering support to those impacted by the data breach by offering two years of free identity protection services with McAfee's ID Theft Protection Service, sharing best practices and security steps that can be taken and recommending customers sign up for a free scam-blocking protection.

The company also published a customer support landing page with further information on the data breach.

"As we support our customers, we have worked diligently to enhance security across our platforms and are collaborating with industry-leading experts to understand additional immediate and longer-term next steps," the company said. "We also remain committed to transparency as this investigation continues and will continue to provide updates if new information becomes available that impacts those affected or causes the details above to change or evolve."

The massive breach at the mobile carrier comes amid a spate of recent high-profile cybersecurity attacks on firms big and small -- raising concerns from many that no company is immune.

In the wake of the Colonial Pipeline ransomware attack that forced a multiday shutdown of a massive East Coast fuel conduit, President Joe Biden signed an executive order aimed at modernizing the federal government's response to cyberattacks.

24/7 coverage of breaking news and live events

Read full article at Business Insider

Analysis | The Cybersecurity 202: There was another massive data breach. People will probably forget it in a week.

The Washington Post 21 August, 2021 - 10:10pm

A pair of passengers flying out of Boston, accused of refusing to wear a mask, punching a passenger in the face and threatening to kill someone on board a plane, were among the 34 people who the FAA announced fines against on Thursday for unruly behavior on flights in 2021.

The latest round of fines, which totaled $531,545, pushed the total over $1 million in 2021 for unruly passengers.

Of the new fines announced on Thursday, $36,500 originated from passengers flying out of Logan International Airport in Boston.

On April 12, a woman flying out of Boston on JetBlue refused to wear a mask and shouted obscenities at the flight crew, the FAA said. She also intentially bumped a seated passenger on her way to the bathroom and eventually punched the person in the face when they objected to her actions, the FAA said.

Law enforcement met the plane at the gate, the agency said. She was fined $29,000.

The second fine occurred on March 6 on another JetBlue flight to Florida. The FAA said a man flying from Boston to Miami threatened to kill a passenger seated in front of him. Police escorted the passenger off the plane after landing, the FAA said.

The man faces a fine of $7,500.

Since Jan. 1, 2021, the FAA has received approximately 3,889 reports of unruly behavior by passengers, including about 2,867 reports of passengers refusing to comply with the federal face mask mandate.

Of the 34 fines announced on Thursday, 22 of the incidents at least involved a passenger not following the mask mandate.

The Centers for Disease Control and Prevention, the Transportation Security Administration, and the U.S. Department of Transportation still requires passengers wear a mask on planes, buses, trains, and other forms of public transportation traveling into, within, or out of the United States.

Masks are also required in U.S. transportation hubs such as airports and stations.

Note to readers: if you purchase something through one of our affiliate links we may earn a commission.

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms.    You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages.    If you do not allow these cookies then some or all of these services may not function properly.

These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites.    They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

These cookies may be set through our site by us or our partners. These are cookies that may allow us to count visits and traffic sources so we can measure and improve the performance of our site. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.

T-Mobile breach hits 53M customers as probe finds wider impact

KSL.com 21 August, 2021 - 10:10pm

Be proactive, regardless of whether you're a victim of this particular hack. 

T-Mobile continues to investigate a data breach from earlier this week, in which the personal information of tens of millions people may have been compromised, and not just for active subscribers. The figure includes a spectrum of data, including names, drivers license numbers, Social Security numbers and device identification (IMEI and IMSI) numbers for subscribers, former customers and prospective customers who may have been interested in T-Mobile service at one point. The breach includes customers of Metro by T-Mobile, too; in short, almost anyone who's considered T-Mobile could be affected.

There's "no indication" that financial data like credit card or other payment information was compromised, T-Mobile said Friday in a press release. The company has reset PIN numbers for all prepaid customers after the exposure of 850,000 PINS for this group. Right now, there's no way to tell if you should take additional action. T-Mobile is still completing its investigation and will notify people whose data was accessed. In the meantime, you can read our guide to check if your password is on the dark web.

While the situation develops -- T-Mobile could reportedly face a class action -- there are things you can do to help secure your sensitive data against any hack -- regardless of whether your information has been included in any number of data breaches.

The downside to freezing your credit is that when you want to make a purchase, such as upgrading your iPhone, you'll need to go through the process of briefly removing your credit freeze -- and then refreezing once you're done. 

Yes, it's inconvenient. But the extra time you take to freeze, unfreeze and then refreeze your credit is worth it and pales in comparison to the time you'd spend trying to reverse the damage done by someone opening a credit card or line of credit in your name. 

Lock down everything you can, as soon as you can. 

Staying on top of what's on your credit report is an easy way to make sure someone isn't using your information nefariously. Some companies offer free credit monitoring to victims of a data breach, but oftentimes that's only temporary. For example, T-Mobile is offering two years of McAfee's ID Theft Protection Service for free to those affected by the latest breach. Take advantage of offers like this if your data is included in a breach, but once the limited-time offer expires, be ready to sign up for another service.

There are several credit monitoring services that help you watch your credit report and using one could mean you will receive an alert and hopefully catch false accounts as soon as they happen. 

Monitoring your credit report is an important step to take; however, there's so much more that can be done with your personal information. In addition to keeping an eye on your Social Security number and credit, an identity-monitoring service will monitor the dark web for anyone selling or trading your personal information or arrests under your name. It should give you peace of mind if someone tries to do anything with your personal information. 

1Password is one of many password managers that keep your information secure. 

Using a unique and strong password for every online account you own is an easy way to make sure a breach of one service doesn't lead to bad guys accessing more of your online accounts where you used the same password.

Instead of reusing a password -- or a series of passwords -- rely on a password manager to create, store and autofill your login information. 

The most important aspect of taking action after a hack or breach is announced is to not wait for the affected companies to announce how they want you to handle it. Be proactive. At the end of the day, it's your information and your financial future that's at stake.

After locking down your credit and starting monitoring services, begin to look at suggestions from the affected companies.

Some breaches lead to settlements, forcing the company to offer free services or, as in the 2017 Equifax case, settlements.

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.    All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages.    If you do not allow these cookies then some or all of these services may not function properly.

These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites.    They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

T-Mobile discloses about 6 million more customers than previously thought had personal data 'compromised'

MarketWatch 21 August, 2021 - 10:10pm

Save big + get 3 months free! Sign up for ExpressVPN today

This week another shocking data breach came to light that reportedly leaked the personal information of tens of millions of current and former T-Mobile customers. Subsequent reporting revealed that the actual number of affected customers was much lower than originally reported, but it was still in the order of 50 million total accounts.

Considering how popular T-Moble is among our readers, we thought we'd ask them if this latest breach was enough to make them want to switch carriers — and the results we got were a little surprising. Over 40% said that they would not leave T-Mobile, while nearly another 30% said that they weren't yet sure. Only about 30% said that they would, indeed, be leaving the "uncarrier."

While the total number of accounts affected was lower than originally thought, it is still a massive number of subscribers whose data was compromised. And yet, whether it's because the pain of switching is too high, or people have resigned themselves to the realities of modern-day identity theft, the majority of participants who responded to our poll said that they probably wouldn't leave T-Mobile because of it.

There were a ton of comments to our poll on our social media channels, but a common thread among respondents was one of resignation. As reader khaneric put it:

I've had so many breaches over the years from ALL sorts of avenues that it honestly doesn't even matter anymore. My data has been stolen 10 times over, I've had fake tax returns submitted for my SSN, etc. This is the new normal, unfortunately.

Other readers on Twitter and Facebook concurred:

Not really. At this point, almost rvery major company has had some sort of massive data breach. Nobody's information is safe in this day and age. As long as the company acknowledges it and provides a remedy of some sort, that's all I can really expect tbh.

Our poll is closed, but we'll have another poll this weekend for you to participate in. So be on the lookout for it!

Every year, Sony comes so close yet so far to making a meaningful impact in the Android smartphone market. Is the Xperia 1 III the device that could finally change that? Here's everything you need to know about Sony's latest flagship, which you can buy right now.

The new Motorola Edge (2021) sells for just $500 at launch and packs in some seriously impressive specs for the price, but it's only available for a limited time. Can it succeed when the price goes up? We take a look in our Motorola Edge (2021) hands on.

Google is replacing the Pixel 5 and 4a 5G with the newly-announced Pixel 5a. The device offers the same processing power and camera hardware while including the largest battery that we've ever seen in a Pixel device.

Just bought the latest Galaxy Z Fold 3 folding phablet from Samsung? Congratulations! Your next order of business should be to buy the best 25W charger to keep your Z Fold 3 powered up. Here are our best picks of 25W chargers for your spanking new foldable.

Sign up now to get the latest news, deals & more from Android Central!

I would like to receive news and offers from other Future brands.

I would like to receive mail from Future partners.

No spam, we promise. You can unsubscribe at any time and we'll never share your details without your permission.

Hackers steal even more Social Security numbers. How should you protect yourself?

Los Angeles Times 20 August, 2021 - 03:57pm

The information offered for sale was similar in both breaches, including full names, addresses, birth dates and Social Security numbers. In short, it’s the foundation for identity theft.

AT&T responded Friday by casting doubt about the claim by the prolific ShinyHunters cabal, stating that "[b]ased on our investigation today, the information that appeared in an internet chat room does not appear to have come from our systems.”

Regardless of where the data came from, though, if it’s valid it could be a nightmare for anyone whose sensitive information is exposed. Here’s a quick guide to the risks you may face and some of the things you can do to protect yourself.

Social Security numbers are widely used by the federal government, banks, investment companies, government benefit programs and insurers to verify your identity. Your stolen Social Security number can be used to open fraudulent credit card accounts, divert or fraudulently collect benefits and commit workplace fraud, among other forms of deceit. Throw in your name, birth date and email address (which the ShinyHunters claim to have stolen too), and it’s significantly easier for someone to pretend to be you.

Identity thieves could use that information to target both you and the banks, insurers and other companies you do business with. For example, they could use it to make phishing emails seem more realistic, helping to persuade you to give up additional sensitive information such as a password or personal identification number (PIN). Or they could use it to dupe your bank into letting them change the password on your account, giving them access to your money.

The T-Mobile breach also exposed the phone numbers, device identifiers and SIM-card numbers for more than 13 million of its current customers. That creates an opening for at least one more malign possibility: a SIM-swap attack. That’s where someone persuades your mobile phone company to transfer your number to a different device, which he or she then uses to try to break into the accounts that you’ve tied to your phone number.

It’s increasingly common for people to use their mobile phone numbers as a way to verify their identity — for example, when they log into their online banking account, or when they want to reset their password. But that convenience can backfire if your number is hijacked, then used to impersonate you online.

This is what happens when a malicious software attack turns a business owner’s life upside down.

Because it’s the easiest way to check your credit rating. Companies like AT&T and T-Mobile want to know if you have a record of paying your bills on time before agreeing to provide you an account or to sell you a phone in monthly installments. And the major credit rating agencies use Social Security numbers to match people to their credit histories.

“The SSN is the only unique universal identifier across the entire population,” explained Francis Creighton of the Consumer Data Industry Assn., which represents the credit agencies. “There’s nothing else that can replace it in today’s market.”

Social Security numbers also help guard against people setting up fraudulent credit reports, Creighton said. And while there are ways to establish a credit score that don’t rely on your Social Security number, he said, the first step is for a lender or service provider not to ask for it. You can’t be compelled by a phone company or other private-sector business to reveal your number, but in California and most other states, the business can refuse to serve you as a result.

Once you’ve paid off your new phone or switched carriers, though, your mobile company will no longer be filing reports about you to the credit bureaus, Creighton said. Nevertheless, the hackers behind the latest T-Mobile breach were able to steal Social Security numbers for former T-Mobile customers that the company held onto for some reason.

For the last decade, tech companies have been developing alternative ways of identifying people to make it easier to guard against identity theft, said André Ferraz, chief executive of Incognia, one of those tech companies. Ideally, Ferraz said, companies would supplement identifiers that cannot be changed, such as Social Security numbers, with identifiers based on a person’s unique behaviors, which evolve over time. Unfortunately, those solutions haven’t been widely adopted yet.

A Long Beach couple received what looked like an email from a neighbor asking for help. Then came the request for gift cards.

The single best thing to do is to put a freeze on your credit files, which will prevent anyone from opening a new account. It’s free to place a freeze and to lift it for your own needs. But you have to contact each of the three major credit bureaus individually, which you can do online. Cybersecurity expert Brian Krebs also suggests freezing the credit files maintained by a handful of smaller, specialized agencies. You should also check your credit score regularly, which is a good way to detect fraud after it happens.

Credit- and identity-monitoring services, which typically carry a monthly fee, can also help reveal the work of identity thieves. They provide tools to prevent you from phishing and other forms of hacking combined with scanning services that look for your Social Security number or email address in places online where it doesn’t belong.

T-Mobile is offering two years of McAfee’s monitoring service for free to anyone affected by the breach. It has set up a website suggesting more steps people can take to guard against fraud. Anyone with a smartphone would be wise to take them:

On the plus side, two-factor authentication is becoming the standard online, and that’s improving security across the web. But too many sites encourage you to make that second factor a text message sent to your phone number, which encourages SIM swap fraud. Wherever possible, use an authentication app instead.

The giant data breach at T-Mobile raises the risk of identity theft even for people who aren’t customers. Here are some tips for protecting yourself.

Business Stories