In August 2021, T-Mobile announced that a colossal data breach of its databases had exposed the sensitive, personal information of millions of its customers, putting them at risk for identity theft and other cybercrimes. The stolen data came from the accounts of former and current customers, as well as future prospects.
If your company uses T-Mobile, it’s important to understand the timeline of events, the potential impact of the breach, and how you can protect your business.
Timeline of Events
The attack occurred July 19th, 2021, and affected approximately 54 million customers. The information stolen included dates of birth, social security numbers, addresses, consumer names, and driver’s license numbers. The company said that the breach did not affect consumer financial data such as payment information.
On August 26th, the Wall Street Journal published an interview with 21-year-old American John Binns, who claimed responsibility for this attack. Binns recently moved to Turkey, where he committed the hack.
He cited that T-Mobile’s security is “awful” and that he orchestrated the data breach to bring this to light. Binns declined to comment on whether he received money for the attack or if he sold some data. The report does not state whether Binns was working with others or acted alone.
Impact of the Breach
T-Mobile says it has contacted almost all affected customers and that those who were unaffected will see a banner on their account notifying them of the situation. This is a standard operating procedure for the business.
The company is providing free access to McAfee’s ID Theft Protection Service for two years along with advanced spam-blocking technology. It is also offering its Account Takeover Protection Service to affected customers. This service aims to protect customers from having their accounts stolen and ported out. T-Mobile has reset PINs for every prepaid customer, which represents around 850,000 accounts.
A breach of this magnitude could inflict serious damage on T-Mobile customers. Although it did not include specific financial information, cybercriminals could use the data to apply for driver’s licenses, file fraudulent tax returns, and open new credit cards under the victims’ names. This could cause ruined credit, tax refund theft, or worse.
Additionally, cybercriminals could use the T-Mobile data breach to increase phishing attempts through fraudulent emails and websites. Since T-Mobile consumers will expect correspondence on this issue and how it affects them, cybercriminals could easily send fake information to lure users to click on links that could pull personal data.
Protection by MSPs
While major attacks like the T-Mobile data breach always make the news, small businesses are just as susceptible to stolen data.
An MSP can assist small businesses with cybersecurity services and train employees on keeping the systems safe by identifying phishing attempts through email and messages. As technology continues to improve and an increasing amount of sensitive customer data lives online, managed IT security services are now more important than ever.
If an attack is unavoidable, employing the right IT security services can ensure you get your data back through the proper disaster recovery plan. MSPs are security experts and have the tools to identify and eliminate a potential threat before it becomes a major disaster, like the T-Mobile data breach.
If you are a small business owner and interested in hiring a well-qualified and effective MSP that offers cybersecurity services, contact ThrottleNet today! Get a free cybersecurity evaluation and start improving your business’s security. Our cybersecurity professionals are standing by ready to help you keep your customers, employees, and business safe!