T-Mobile’s Latest Major Data Breach Impacts over 50 Million Americans
August 24, 2021
For the fifth time in the past three years [1], T-Mobile suffered a data breach by hackers. On August 17, 2021, a hacker broke into the 5G wireless provider’s systems and stole the personal information of over 50 million people, including social security numbers, names, birth dates, driver’s license information, and International Mobile Equipment Identity (IMEI) and International Mobile Subscriber Identity (IMSI) numbers, which are unique phone identifiers that could be used to track locations and carry out other invasive phone-based actions [1,2,3,4].
The breach was discovered when the bad actor listed the stolen personal information on an online forum in an attempt to sell the data for up to $270,000 in bitcoin, a popular cryptocurrency.
“It seems T-Mobile has not learned from these previous breaches, especially considering they didn’t know about the attack until the attackers posted about it in an online forum,” said Allie Mellen, a Forrester Inc cybersecurity analyst, in a Wall Street Journal article [5].
This data exfiltration attack, which differs from a ransomware attack, where files and systems are encrypted to make them inaccessible, resulted in information being stolen from both current and former customers, as well as from people who submitted information for a credit check but never became T-Mobile customers.
No matter how information is stolen or a hack is committed, security analysts and cybercrime experts are pushing back on the idea that it is the individual’s responsibility to protect their data, instead claiming the onus is on the organization.
“I do not think it’s on the individual to protect their data,” said Yuan Stevens, a researcher at Ryerson University, in an article on the incident published by the New York Times. “We should not have to opt out of using services in order to protect ourselves. Instead institutions should be responsible for protecting consumer data.” [6]
In response to the breach, T-Mobile issued the following statement on its website: “Customers trust us with their private information and we safeguard it with the utmost concern. A recent cybersecurity incident put some of that data in harm’s way, and we apologize for that. We take this very seriously, and we strive for transparency in the status of our investigation and what we’re doing to help protect you.” [7]
T-Mobile has offered two free years of credit monitoring for those affected and also created a website for victims of the hack to receive updates about the situation and information on how they can protect themselves [7,8].
Chris Velazco, a technology writer for the Washington Post, offers his own protective steps for those who were impacted by this, or any other, hack:
- Contact the company where you believe your information was hacked
- Change any and all passwords related to the hacked account
- Freeze your credit
- Use two-factor authentication when possible
- Stay vigilant of your accounts’ activity
If you’re interested in protecting personal data and fighting cybercriminals, learn about the growing cyber and information security fields from our experts who are leading the nation in cybersecurity education. Capitol Technology University offers cybersecurity and security intelligence degrees at the bachelor's, master's, and doctoral levels. For more information on these programs, email admissions@captech.edu.
References:
1. Velazco, C. (2021, August 20). Here’s what to do if you think you’re affected by T-Mobile’s big data breach. Retrieved from https://www.washingtonpost.com/technology/2021/08/19/t-mobile-data-breach-what-to-do/.
2. Techopedia. (2016, November 15). International Mobile Subscriber Identity (IMSI). Retrieved from https://www.techopedia.com/definition/5067/international-mobile-subscriber-identity-imsi.
3. TechTarget. IMEI (International Mobile Equipment Identity). Retrieved from https://whatis.techtarget.com/definition/IMEI-International-Mobile-Equipment-Identity.
4. FitzGerald, D. (2021, August 20). T-Mobile Says 6 Million More Customer Files Accessed in Data Breach. Retrieved from https://www.wsj.com/articles/t-mobile-says-6-million-more-customer-files-accessed-in-data-breach-11629468163.
5. Uberti, D. & Rundle, J. (2021, August 20). T-Mobile Data Hack: What We Know and What You Need to Do. Retrieved from https://www.wsj.com/articles/t-mobile-data-hack-what-we-know-and-what-you-need-to-do-11629404953.
6. Paz, I. (2021, August 18). T-Mobile Says Hack Exposed Personal Data of 40 Million People. Retrieved from https://www.nytimes.com/2021/08/18/business/tmobile-data-breach.html.
7. T-Mobile. (2021, August 19). NOTICE OF DATA BREACH: Keeping you safe from cybersecurity threats. Retrieved from https://www.t-mobile.com/brand/data-breach-2021.
8. Fung, B. (2021, August 18). T-Mobile says data breach affects more than 40 million people. Retrieved from https://www.cnn.com/2021/08/18/tech/t-mobile-data-breach/index.html.