Last week I reported to you about  a data breach at T-Mobile initially discovered when hackers started offering  for sale on the Dark Web data of what they said was 100 million customers of phone carrier T-Mobile for sale.  T- Mobile confirmed the data breach although they say that the number of customers affected was 49 million people.  The information being sold includes names, phone numbers, Social Security numbers and addresses.  Also being sold are the PINS used by some T-Mobile customers to protect their accounts from identity theft, but now are in the hands of hackers.  This type of information poses a tremendous threat to victims of the data breach, which is the sixth for T-Mobile in the last four years.  Social Security numbers in particular can be used by identity thieves to apply for credit cards and loans in your name.  In addition, the phone numbers and the fact that the victims of the data breach are known to be T-Mobile customers to create phony phishing text messages, called smishing, posing as T-Mobile and luring the targeted victim into clicking on a link in the text message that can download destructive malware.

T-Mobile is still investigating the data breach, but has agreed to offer two years of free identity theft protection services including credit monitoring.  Here is a link to T-Mobile’s offer of free identity theft protection services.


So what do you do if you are a T-Mobile customer who may be affected by this latest data breach.  Perhaps the first thing you should do is something you should have already done, but as the Chinese proverb says, “the best time to plant a tree is twenty years ago, the second best time is now.”  Freeze your credit at each of the three major credit reporting bureaus.

Here are links to each of them with instructions about how to get a credit freeze:
You also should change your T-Mobile password and security PIN as soon as possible.
I would also advise you to take advantage of the offer of free identity theft services from T- Mobile.
Finally, you should be particularly cognizant of not clicking on links in text messages (and emails as well) unless you have absolutely confirmed that the text message or email is legitimate.

For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the website and click on the tab at the top of the page that indicates “Coronavirus Scams.”  Scamicide has been cited by the New York Times as one of three top sources for information about Coronavirus related scams.

If you are not a subscriber to and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link.