The professed hacker detailed how he carried out the August cyberattack. Here's what else you should know.
The alleged hacker behind T-Mobile's latest cyberattack has spoken out about the August hack. The breach includes names, driver's license numbers, Social Security numbers and device identification (IMEI and IMSI) numbers for subscribers, former customers and even prospective customers. The wireless carrier is reportedly facing three lawsuits that stem from the breach.
John Brinns, the 21-year-old who claims responsibility for the hack, detailed the breach that affected over 54 million people, in an interview with The Wall Street Journal. Brinns shared that T-Mobile had unprotected routers and weak spots in the company's internet addresses that gave him access to over 100 servers. However, he did not share with the Journal whether he sold the data or if he was paid to carry out the breach -- which could be a bigger problem for those affected.
If you're concerned, you can read our guide to checking if your password is on the dark web. We'll also keep you posted about a possible class-action suit against T-Mobile. Here are some things you can do to help secure your sensitive data against any hack, regardless of whether your information has been included in any number of data breaches.
One of the first things you should do is put a freeze on your credit. Doing so will prevent anyone with your information from opening a line of credit, or taking out any loans under your name. Freezing your credit won't take long: You'll just need to fill out a form with Equifax, Experian and Transunion (one from each company) to make the request.
The downside to freezing your credit is that when you want to make certain purchases, such as upgrading your iPhone, you'll need to go through the process of briefly removing your credit freeze -- and then refreezing once you're done.
Yes, it's inconvenient. But the extra time you take to freeze, unfreeze and then refreeze your credit is worth it and pales in comparison to the time you'd spend trying to reverse the damage done by someone opening a credit card or line of credit in your name.
Staying on top of what's on your credit report is an easy way to make sure someone isn't using your information nefariously. Some companies offer free credit monitoring to victims of a data breach, but oftentimes that's only temporary. For example, T-Mobile is offering two years of McAfee's ID Theft Protection Service for free to those affected by the latest breach. Take advantage of offers like this if your data is included in a breach, but once the limited-time offer expires, be ready to sign up for another service.
There are several credit monitoring services that help you watch your credit report and using one could mean you will receive an alert and hopefully catch false accounts as soon as they happen.
Monitoring your credit report is an important step to take; however, there's so much more that can be done with your personal information. In addition to keeping an eye on your Social Security number and credit, an identity-monitoring service will monitor the dark web for anyone selling or trading your personal information or arrests under your name. It should give you peace of mind if someone tries to do anything with your personal information.
Using a unique and strong password for every online account you own is an easy way to make sure a breach of one service doesn't lead to bad guys accessing more of your online accounts where you used the same password.
Instead of reusing a password -- or a series of passwords -- rely on a password manager to create, store and autofill your login information. T-Mobile is also sharing best practices to reset PINs and passwords with customers to help protect their data and logins.
The most important aspect of taking action after a hack or breach is announced is to not wait for the affected companies to announce how they want you to handle it. Be proactive. At the end of the day, it's your information and your financial future that's at stake.
After locking down your credit and starting monitoring services, begin to look at suggestions from the affected companies.
Some breaches lead to settlements, forcing the company to offer free services or settlements, as in the 2017 Equifax case.