T-Mobile breached important data stolen

audreyh1 said:
Fidelity has my voice print on file.

They and other financial institutions use email to communicate with us.

And none of the above use our email as the user name for logging in.

How hackable is your email account? We have our own domain.

Yes, I agree protecting your phone number is very important.
Click to expand...

Good advice, we have the following experience:

I tried setting up voice print at one place, it continuously failed and finally the system gave up.
This was on our landline, so not a bad cell connection.
Makes me really question the accuracy of the voice recognition.
To date I don't have one set up.

I do own numerous domains, and we use special email addresses for each financial place not used anywhere else, with LONG random passwords (and a password manager).

Of course like most folks I carry my phone everywhere. How did I live for decades without one when grocery shopping :LOL:.
But of course carrying one around everywhere means more chances for it to get lost/stolen.

It's almost like I need a 2nd phone just for banking. :facepalm:
 
For overseas travel I have a wrist loop on my phone case. Also good for when you hang out over a precipice or bridge while taking a picture.
 
For those who drop cell signal try airplane mode and back to normal.

Received this txt from Tmob:

T-Mobile has determined that unauthorized access to some of your information, or others on your account, has occurred, like name, address, phone number and DOB. Importantly, we have NO information that indicates your SSN, personal financial or payment information, credit/debit card information, account numbers, or account passwords were accessed. We take the protection of our customers seriously. Learn more about practices that keep your account secure and general recommendations for protecting yourself: t-mo.co/Protect
 
Well, they recommended that you change your PIN (used when talking with customer support)

T-mobile said this to the Wall Street Journal:
The pilfered records vary by group. Records on postpaid customers and prospective customers include victims’ first and last names, dates of birth, Social Security numbers and driver’s license information, according to T-Mobile. These stolen files don’t include account numbers, passwords or PIN codes.

Hackers also seized names, phone numbers and account PIN codes for about 850,000 prepaid customers, according to T-Mobile.
Click to expand...

So SSN’s and Drivers license info was compromised.

This is what T-mobile currently says:
Our investigation is ongoing and this information may be updated. The exact personal information accessed varies by individual. We have determined that the types of impacted information include: names, drivers’ licenses, government identification numbers, Social Security numbers, dates of birth, T-Mobile prepaid PINs (which have already been reset to protect you), addresses and phone number(s). We have no indication that personal financial or payment information, credit or debit card information, account numbers, or account passwords were accessed.
Click to expand...
 
Last edited:
You can sign up for free McAfee ID Theft Protection for 2 years per T Mobile.

https://www.t-mobile.com/brand/data-breach-2021

I no longer have T Mobile but my understanding is if you previously were a customer they got your information too.

I haven't paid for ID theft protection and cc monitoring for at least 10 years due to all the damn system hacks.

Make sure you claim individually all the people currently or previously on a plan.

This is far beyond getting ridiculous.
 
11522914 said:
You can sign up for free McAfee ID Theft Protection for 2 years per T Mobile.

https://www.t-mobile.com/brand/data-breach-2021

I no longer have T Mobile but my understanding is if you previously were a customer they got your information too.

I haven't paid for ID theft protection and cc monitoring for at least 10 years due to all the damn system hacks.

Make sure you claim individually all the people currently or previously on a plan.

This is far beyond getting ridiculous.
Click to expand...



Freeze your credit. Thanks to a former health insurance company my particulars have been out in the wild for over a decade. Thanks to freezes, so far I’ve not had problems. A freeze is the only real defense we have. The rest is locking the barn door after the horse has escaped.
 
Chuckanut said:
Freeze your credit. Thanks to a former health insurance company my particulars have been out in the wild for over a decade. Thanks to freezes, so far I’ve not had problems. A freeze is the only real defense we have. The rest is locking the barn door after the horse has escaped.
Click to expand...

A freeze is great but only solves part of the problem. Mostly opening of new accounts and credit.

This hack could allow sim-hijacking, reset of password, and the transfer of all assets out of existing bank accounts and brokerage accounts to some far off land...

It's very frustrating that we can do everything possible and still be robbed.:mad:
 
11522914 said:
You can sign up for free McAfee ID Theft Protection for 2 years per T Mobile.

https://www.t-mobile.com/brand/data-breach-2021

I no longer have T Mobile but my understanding is if you previously were a customer they got your information too.

I haven't paid for ID theft protection and cc monitoring for at least 10 years due to all the damn system hacks.

Make sure you claim individually all the people currently or previously on a plan.

This is far beyond getting ridiculous.
Click to expand...
Just received my McAfee ID Theft Protection subscription confirmation.

It allows you to enter types of data that it will search for in the dark web.

Put in my email address and boom, came up in the dark web as of 080721. It also tells you if a password was attached to the email hack.

Also signed up my wife and entered her email address and boom, came up in the dark web 4 times over the last 4 years.

Damn, that's some crazy shite. Several of hers were also attached with passwords but they didn't show what account it might have come from. I suspect it was some credit cards that have been hacked over the years.

Our SS and phone numbers did not show up.
 
One would think there would be a legal price to pay for allowing customer data to fall into the hands of crooks. But no. At the very least the CEO should do something to show remorse, perhaps have his avatar perform virtual form of seppuku? And then resign in shame. After all they have potentially made the lives of many tens of thousands of people miserable.

Five security breeches in about four years. Not so good, T-Mobile.
 
Chuckanut said:
One would think there would be a legal price to pay for allowing customer data to fall into the hands of crooks. But no. At the very least the CEO should do something to show remorse, perhaps have his avatar perform virtual form of seppuku? And then resign in shame. After all they have potentially made the lives of many tens of thousands of people miserable.

Five security breeches in about four years. Not so good, T-Mobile.
Click to expand...

I personally feel the CEO should have to pay a fine of $1 per person affected from his past income and future income.
I'm sure it's going to cost me more than $1. :cool:
 
When I log into T Mobile this language is on a banner at the top.

T-Mobile continues to aggressively investigate this incident. At this time we have no information that indicates your SSN, driver’s license or government issued ID associated with your account were impacted. If that changes, we will contact you. To be clear, in this incident no personal financial or payment information, credit or debit card information, account numbers, account passwords, or your wireless accounts were accessed.
Click to expand...

So what I get from this is that while SSN, drivers license and such were obtained for some people, they were not obtained for me. Maybe I am not interpreting it correctly, but I read it that I don't have to be worried about this. Nonetheless, I did change my PIN and my password.
 
A saving grace for us is that our DL’s have renewed so the info T-mobile has is not current.

But grrrrrrr!

The last T-mobile breach (I’m aware of 2) was at one of the credit agencies managing T-mobile data. I guess they decided to bring it in house and still ended up with a major breach.
 
I did a pin reset, set up 2 factor, and signed up for T mobile's "account takeover protection" for what that's worth. I wish financial sites would get away from text based 2 factor.
 
RetMD21 said:
I did a pin reset, set up 2 factor, and signed up for T mobile's "account takeover protection" for what that's worth. I wish financial sites would get away from text based 2 factor.
Click to expand...

Fortunately mine use email.
 
RetMD21 said:
I wish financial sites would get away from text based 2 factor.
Click to expand...

+1

It is a big weak hole in security. Keep in mind the financial institutions are the ones who don't think we can remember a Pin number to use with our chipped cards like most of the rest of the Western world uses.
 
Chuckanut said:
+1

It is a big weak hole in security. Keep in mind the financial institutions are the ones who don't think we can remember a Pin number to use with our chipped cards like most of the rest of the Western world uses.
Click to expand...

Vanguard, for example, lets me use a U2F key but they allow text based alternate which sort of defeats the purpose
 
Katsmeow said:
When I log into T Mobile this language is on a banner at the top.



So what I get from this is that while SSN, drivers license and such were obtained for some people, they were not obtained for me. Maybe I am not interpreting it correctly, but I read it that I don't have to be worried about this. Nonetheless, I did change my PIN and my password.
Click to expand...

i got the same message.
 
I notice T-mobile is not claiming all this personal information was encrypted...

I guess, nope it was all lying out there in plain text easily readable by anyone looking :facepalm:

They could have used different encryption for different forms of data, some that would allow decryption and others that are one-way only.
But it's easier to do nothing.
 
RetMD21 said:
Vanguard, for example, lets me use a U2F key but they allow text based alternate which sort of defeats the purpose
Click to expand...

+1
I was thinking of them as I read the comments on security at financial companies.

I do wonder if Vanguard has some other stuff in place that helps ensure you are who you say you are. There's some pretty sophisticated AI these days that can identify subtle nuances in how a person says and does things. It's easy enough to figure out if a 'sell everything and send it to my new address' order comes from a computer not usually used when accessing Vanguard. This is just guess work on my part.
 
Katsmeow said:
When I log into T Mobile this language is on a banner at the top.



So what I get from this is that while SSN, drivers license and such were obtained for some people, they were not obtained for me. Maybe I am not interpreting it correctly, but I read it that I don't have to be worried about this. Nonetheless, I did change my PIN and my password.
Click to expand...

Here's the blog entry from their CEO dated August 27 -
https://www.t-mobile.com/news/network/cyberattack-against-tmobile-and-our-customers

"As of today, we have notified just about every current T-Mobile customer or primary account holder who had data such as name and current address, social security number, or government ID number compromised. T-Mobile customers or primary account holders who we do not believe had that data impacted will now see a banner on their MyT-Mobile.com account login page letting them know."
 
RetiredAt55.5 said:
Here's the blog entry from their CEO dated August 27 -
https://www.t-mobile.com/news/network/cyberattack-against-tmobile-and-our-customers

"As of today, we have notified just about every current T-Mobile customer or primary account holder who had data such as name and current address, social security number, or government ID number compromised. T-Mobile customers or primary account holders who we do not believe had that data impacted will now see a banner on their MyT-Mobile.com account login page letting them know."
Click to expand...

Further down in the article -
"Today I’m announcing that we have entered into long-term partnerships with the industry-leading cybersecurity experts at Mandiant, and with consulting firm KPMG LLP. We know we need additional expertise to take our cybersecurity efforts to the next level—and we’ve brought in the help. These arrangements are part of a substantial multi-year investment to adopt best-in-class practices and transform our approach. This is all about assembling the firepower we need to improve our ability to fight back against criminals and building a future-forward strategy to protect T-Mobile and our customers."

and
"Simultaneously, we are partnering with consulting firm KPMG, a recognized global leader in cybersecurity consulting. KPMG’s cybersecurity team will bring its deep expertise and interdisciplinary approach to perform a thorough review of all T-Mobile security policies and performance measurement. They will focus on controls to identify gaps and areas of improvement. Mandiant and KPMG will work side-by-side with our teams to map out definitive actions that will be designed to protect our customers and others from malicious activity now and into the future."

So, it's good to see they're bringing in outside experts to get their act together.
 
Perhaps a sigh of relief (for now) when I logged in to be notified with a banner that states:

"Cybersecurity incident: T-Mobile continues to aggressively investigate this incident. At this time we have no information that indicates your SSN, driver’s license or government issued ID associated with your account were impacted. If that changes, we will contact you. To be clear, in this incident no personal financial or payment information, credit or debit card information, account numbers, account passwords, or your wireless accounts were accessed."
 
You must log in or register to reply here.

Similar threads

PaunchyPirate
Helping an elderly parent stay on top of their financial accounts
Replies
24
Views
996
1242Vintage
1
W
GEHA unable to provide status of claim
Replies
7
Views
452
Tadpole
Tadpole
MichaelB
T-Mobile raising price?
2 3 4
Replies
76
Views
6K
Jimsim0225
J
easysurfer
MOVEit Hack
Replies
10
Views
878
easysurfer
easysurfer
O
T-Mobile Rant... the BS continues.
Replies
11
Views
1K
Irishgirlyc58
Irishgirlyc58

Latest posts

Back
Top Bottom