What should you do about the latest T-Mobile data breach of 37 million accounts?

I’m now a T-Mobile customer. Darn. I switched because I was upset that Verizon wouldn’t give me a deal on a new iPhone and I wanted to be in a family plan with my grandson from Spain who’s going to college in Massachusetts.

T-Mobile announced last week that its customer records have been hacked again. This time, it affects about 37 million accounts. The disclosure came in a regulatory Filing with the Securities and Exchange Commission. The breach was discovered two weeks before the announcement.

T-Mobile, one of the big three cell phone companies, said “a bad actor” obtained “limited types of information” on customer accounts.

“As soon as our teams identified the issue, we shut it down within 24 hours,” the company said in a statement.

The company said basic customer information was obtained including name, billing address, email, phone number, date of birth, account number, and information such as the number of lines on the account and service plan features.

In 2021, T-Mobile said that personal information including full names, dates of birth, Social Security numbers, and more was compromised for about 53 million current and prospective customers. 

More needs to be done to protect consumers’ personal information, said Teresa Murray, consumer watchdog for PIRG, a public interest research group.

“It’s been 15 years since the first huge corporate data breach, which compromised 100 million payment records with Heartland Payment Systems,” Murray said. “After all this time, companies still haven’t figured out how to take care of their customers. It’s infuriating.”

Consumers provide lots of personal information to utilities, retailers, insurers, hotels, and more, and it’s reasonable to expect that they’ll safeguard it, Murray said, adding, “Yet again, that trust has been violated by T-Mobile.”

All companies – especially those the size of T-Mobile which has so much data – must do better, she said.

PIRG offers these tips to protect yourself from fraud, identity theft, and headaches:

1. Make sure your contact information is up to date with the banks, credit cards, investment firms, and other financial institutions you do business with so you can be notified about fraud.
2. Opt in for two-step authentication for online access with any company that offers it.
3. Sign up for transaction alerts with your financial accounts, so that you get text alerts or email messages about any withdrawals or transactions above a certain dollar amount, new transfers, payees added, or any changes in contact information.
4. Watch out for links in emails or text messages or on social media, such as Facebook, that you weren’t expecting that bait you to click on them out of fear or curiosity.
5. Be on the lookout for phone calls from people posing as your bank, the Social Security Administration, your health insurer, and others.
6. Protect your cell phone and primary email account that you use for financial accounts above all else. Make sure the password for your primary email account isn’t used on any other account.
7. Keep an eye out for mail addressed to someone else that uses your address, or mail addressed to you that makes no sense such as denials for loans you didn’t apply for or health insurance statements for medical visits you didn’t have.
8. Don’t use the same password on more than one account.
9. Never use a password that you use for a social media account such as Facebook, Twitter, or Instagram, on any other account and especially not on your email account or any financial account.
10. Be careful about joining WiFi networks in restaurants, hotels, or other public areas.
11. Consider buying a locking mailbox because a lot of important personal information can be stolen if someone raids your mailbox.
12. Consider whether it makes sense to sign up for online statements from entities such as your employer, your bank, or your credit card company so that you don’t have to worry about the items getting in the wrong hands.
13. Know when to expect statements each month whether you get them by mail or online and reach out if something is missing.
14. Check your credit reports regularly to make sure there are no accounts or inquiries you don’t recognize.
15. Contact creditors by phone if there are accounts on the credit reports that aren’t yours to find out whether these are mistakes or whether you’re the victim of identity theft.
16. Consider putting a freeze on your credit files with the major credit bureaus.
17. Don’t get complacent if you’ve put freezes on your credit files because 88 percent of identity theft involves existing accounts.
18. Ask your banks, creditors, and investment firms whether you can put additional PINs or verbal passwords on your accounts that don’t involve any public record data, such as your date of birth or mother’s maiden name.
19. Realize that most identity theft monitoring companies don’t prevent identity theft – they just notify you once a problem has been detected.
20. Buy a shredder and use it to destroy sensitive documents.
21. Avoid using payment terminals where you swipe the magnetic strip on your card because it’s safer to dip your card’s EMV chip.
22. Pay attention to the credit scores provided on any of your credit card accounts. If they change dramatically from month-to-month, it could be a sign of fraud.

So, be vigilant about protecting your personal and financial information. T-Mobile and other companies with massive data breaches such as Target, Home Depot, Facebook, JPMorgan Chase, and Equifax are massively failing to protect consumers’ data.