How to Protect Yourself from the T-Mobile Breach and SIM-Swap Scam

On August 17th, T-Mobile discovered they had allowed hackers to steal information from more than 53 million of their current, past, and prospective customers. Hackers broke into their servers through an open access point, stole information, and attempted to sell it online. T-Mobile found out about the attack after an individual was selling their stolen customer data in an online forum. The information stolen included first and last names, birth dates, SSNs, and driver’s license information and was selling online for between $80,000 and $270,000 worth of Bitcoin.

Even if you aren’t a T-Mobile customer, your information could have been compromised if you ever applied for an account. If you transferred your number and PIN to another carrier, you are at risk of a SIM-swapping hack. SIM-swapping is when someone is able to trick a phone carrier to believe they are someone else and switches that person’s phone number to their control. Once someone takes over their phone number, they can impersonate that person on any of their accounts, including those protected with multi-factor authentication.

Additionally, usernames and passwords were leaked in the breach, so hackers have a plethora of personal information to hack into several other accounts including email, bank, or social media accounts.

Luckily, there are some steps you can take to prevent SIM swapping on your account including:

  • Check to See if SIM Has Been Swapped: Firstly, check your phone to see if your SIM was swapped. If your SIM card is no longer active, you won’t be able to place calls from your phone, even to customer service.
  • Add a PIN Code: Whether you are a T-Mobile, Verizon, or AT&T customer, add a new PIN and password to your wireless account to add an extra layer of security.
  • Check with T-Mobile: Call the customer hotline to check your protection level and add additional protection through your carrier as available.

We will provide additional support details on the T-Mobile breach as more information becomes available.