After “claims made in an online forum that a bad actor had compromised T-Mobile systems,” the company began investigating the data breach, according to a press release issued on August 17, 2021. The breach compromised more than 40 million people’s data, including names, birthdays, and social security numbers. Of these, 7.8 million are current T-Mobile accounts, with 850,000 active T-Mobile prepaid customer names, phone numbers, and account PINs being exposed.
T-Mobile offered assurances that it has reset all of the PINs on the accounts that were compromised. The company also claimed “to have no indication that the data contained in any of the stolen files included any customer financial information, credit card information, debit or other payment information.”
As part of its remedial measures, T-Mobile is offering two years of free identity protection services from McAfee to affected persons and is encouraging eligible customers to sign up for free scam-blocking protection. This approach, however, has come under criticism for putting “the onus on consumers to keep their information safe.”
The Robins Kaplan Privacy Pulse blog features privacy and cybersecurity litigation topics including the latest news in cybersecurity law and policy, privacy legislation, and other related cyber topics making headlines.
