Data breaches: What they are, why they're serious, and is your privacy at risk

News
By Jerry Hildenbrand
published

T-Mobile logo
T-Mobile logo (Image credit: Android Central)

T-Mobile just fell victim to yet another breach of customer data. We hear about this more and more as so many companies are now in the data collection business, and things aren't likely to change. Unfortunately, it's a lot easier to collect and keep data than it is to properly protect it from hackers.

T-Mobile offers good service and sells the best Android phones, so it has billions of dollars to repair any damage on its end, but what do we need to know (and more importantly, do) when our data gets exposed by another party? We need to know this because no company is going to offer any real help to the actual victims of a corporate data breach. Instead, we get free fraud monitoring and a pat on the head. Don't just depend on a service to catch someone using your stolen data — auditing yourself is easy and can fix bad things before they happen.

What you need to know about the T-Mobile data breach

In early August 2021, someone (or multiple persons) posted a notice that they were selling customer data from T-Mobile. You won't find these sorts of ads on Craigslist — you need to be able to surf the "dark" side of the web where forums specifically designed for this sort of commerce exist. No, I'm not going to tell you how.

Prepaid and postpaid customers are affected.

The listing claimed it was for names, addresses, social security numbers, and other personal data for current and past T-Mobile customers. Of course, there was some skepticism, but samples provided by the seller did turn out to be valid.

T-Mobile didn't deny there was a data breach, but it also wasn't very forthcoming about what was stolen at first. This is actually OK because to know the truth, it had to investigate. Once done, the company announced "customer accounts that included first and last names, date of birth, SSN, and driver's license/ID information were compromised" for millions of current and former subscribers.

"We understand that customers will have questions and concerns, and resolving those is critically important to us. Once we have a more complete and verified understanding of what occurred, we will proactively communicate with our customers and other stakeholders."

If you were affected, you probably received a text message from T-Mobile customer care. Pay attention to it and follow through. If you haven't received a message, you still might. There is a lot to pore through, and the company isn't finished investigating.

Remember that this isn't entirely T-Mobile's fault. A thorough investigation may find that the company did everything right because even then, someone smart enough can find a way around security. It sucks, but things like this happen. What's important is that companies that hold sensitive data learn from every one of them.

What you can do

1Password logo on a Pixel 4 XL

Source: Joe Maring / Android Central (Image credit: Source: Joe Maring / Android Central)

If you're a victim of the latest or any future data breaches, you shouldn't just ignore it. Being proactive isn't difficult, even if it is a little inconvenient. In the end, it's a lot easier than fixing the damage that could happen if you do nothing.

  • Audit your passwords. You probably have many online accounts, and you need to make sure each of them uses its own unique password. There is no way to remember every strong password for every one of your accounts, so use a password manager. Here are the best ones to use.
  • Use 2-Factor Authentication. Almost every service offers 2FA (Two-factor authentication) for user accounts. It's not as difficult as you think it is to enable 2Fa wherever you can, so just do it. Here's a primer on what 2FA is and why it's important.
  • Use the services offered to you. The most recent breach of T-Mobile data means the company is offering two years of McAfee's ID Theft Protection. Sign up for it and use it. A service like this can monitor the internet to see if someone is using your name or personal details, so you don't have to do it yourself. Whatever mitigation a breached company offers to its customers is always worth using.
  • Freeze your credit. This is a huge pain in the you-know-what, but it's also the only way to be 100% sure nobody is using your credit cards or trying to open a new line of credit in your name. You can find the necessary paperwork from Equifax, Experian, and Transunion to put a lock on everything easily. What's not so easy is actually needing to use your cards or to apply for a loan while your credit is locked. To do so, you'll need to remove the credit freeze and then replace it. It's a lot of hassle, but it might be worth it.

Google account security page

Source: Joe Maring / Android Central (Image credit: Source: Joe Maring / Android Central)

As mentioned, data breaches are a way of life. Sometimes the company involved does everything by the books, and someone a bit savvier finds a way around any protections. Other times, security is lax, and it seems like a giant corporation doesn't care about you or your data. In either case, storing data means that someone, somewhere, will try to get it, and they might succeed.

Doing nothing is never the right call when your personal data gets exposed.

What's most important is the things you do to protect yourself from financial and personal harm afterward. It's not difficult to do a few things that make it hard for anyone with your data to do anything except look at it. So take the time to protect your personal details, your online accounts, and your finances.

Jerry Hildenbrand
Jerry Hildenbrand
Senior Editor — Google Ecosystem

Jerry is an amateur woodworker and struggling shade tree mechanic. There's nothing he can't take apart, but many things he can't reassemble. You'll find him writing and speaking his loud opinion on Android Central and occasionally on Twitter.