T-Mobile has become the latest victim of what has become a never-ending series of major data breaches. In a very prompt and responsible statement, T-Mobile announced yesterday that it suffered a data breach on August 20th in which personal information of approximately two million of its customers was compromised. While according to T-Mobile the information stolen did not include Social Security numbers or passwords, it did include names, zip codes, phone numbers, email addresses, account numbers and the type of account the customers had. This type of information is often used by hackers to formulate dangerous spear phishing emails and text messages to lure you into clicking on malware infected links which may include ransomware or keystroke logging malware that can lead to your becoming a victim of identity theft. At its worst, such as in the Equifax data breach, sensitive personal information such as your Social Security number can be used directly to make you a victim of identity theft. It should be noted, however, that cell phone number information can also be leveraged through a technique called porting to take over your cell phone by having your phone’s SIM card transferred to a phone controlled by the scammer.
Here is a link to T-Mobile’s public statement regarding this data breach. https://www.t-mobile.com/customers/6305378821
The best thing you can do to protect yourself from spear phishing emails and text messages is to never click on links in emails or text messages, regardless of how legitimate or innocuous they may appear unless you have absolutely confirmed that the communications are legitimate. The risk of downloading malware is to great if you click on links without verifying that they arelegitimate.
To prevent someone from stealing access to your phone through porting, you should have a PIN added to your account so that no one can call your cell phone provider posing as you and ask to have your SIM card transferred. You also should never leave your credit card or debit card number on file with websites for convenience. Your convenience can easily lead to identity theft and fraudulent charges in the event of a data breach. In fact, as I have mentioned many times, you should not use your debit card for any consumer purchases because the consumer protection laws for fraudulent debit card use are not as strong as those that apply to fraudulent credit card use.
You are only as safe as the places with the weakest security that hold your personal information. As much as possible, you should limit the amount of personal information that you provide to companies and institutions with which you do business. Your doctor may ask for your Social Security number as a means of identification, but he or she has no legal need for it. Also, you should protect your own personal electronic devices, such as your computer and cell phone by always promptly updating all of the programs you use when new updates or security patches become available. Use strong unique passwords for all of your accounts so that if your password is compromised at one company, all of your accounts are not in jeopardy. Also, use dual factor authentication whenever you can for added security.
A helpful website that tracks data breaches and whether you have been affected by them is Have I Been Pawned where you can go to and find out if your information was affected by recent data breaches. Here is a link to their website. https://haveibeenpwned.com/
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”