On August 17, 2021, T-Mobile confirmed that a cyberattack had exposed critical data for millions of current, former, prospective, and pre-paid customers. The data breach involved personal information such as social security numbers (SSN), names, addresses, dates of birth, and driver’s license numbers. The attack also allowed hackers to engage in a devastating SIM-swap scam which cost some cryptocurrency holders millions.
At Levin Law, P.A., we are investigating cryptocurrency losses related to the T-Mobile cyberattack and other data breaches. If you experienced financial harm as a result of a cellular company’s security failure, contact our office for a free case evaluation.
T-Mobile’s recent data breach has affected over 50 million customers, according to reports. An August 27th news release from the company’s CEO, Mike Sievert, detailed what the company had learned about the attack and what they would be doing to protect customer data in the future.
According to updates provided by T-Mobile and Sievert, the cyberattack compromised the data of customers, providing hackers not only personal identifying information but also access to IMEI and IMSI information which are identifier numbers associated with a mobile device.
Critically, the breach exposed certain individuals’ account PINs which are used to verify the identity of a caller wanting to make changes to their account. With an account PIN, a hacker is then given nearly unlimited access to a person’s device and engage in SIM swapping.
SIM swapping is an elaborate fraud that allows a hacker to completely take over an individual’s mobile device and account. A SIM is a subscriber identity module and is unique to each customer. The SIM card saves personal information making it easy for a person to upgrade to a new device without losing all of their information.
In a SIM swap scam, the hacker first accesses a person’s identifying information through a data breach. If the data includes the customer’s account PIN, the hacker can then use that one identifier to call into the cellular company and request that the SIM card is swapped to a new device. This then allows the hacker to overcome any two-factor authentication or two-step verification codes which usually send a text message to the person’s device.
Once the two-step authentication process is complete, hackers are able to gain access to an individual’s email, drive, and financial information. SIM swapping has been linked to multiple cryptocurrency thefts, including those of T-Mobile customers whose data was compromised in the most recent breach.
One of the easiest ways to confirm that your SIM card has been hacked is if your phone suddenly loses service. Victims of SIM card swaps report suddenly being unable to text, call, or receive emails on their devices. In some cases, individuals receive a text message from their carrier notifying them that their SIM card has been changed.
If your device suddenly stops sending and receiving text messages, or you are unable to make calls, notify your cellular carrier immediately. The problem is not unique to T-Mobile customers. It is crucial to protect your data regardless of your provider. With the increase in the availability of cryptocurrency, cyberattacks and SIM swap scams will likely continue to rise.
The best way to protect your data is to be proactive. It is recommended that T-Mobile customers change their PINs. If you do not have a PIN code or password on your account, it is strongly encouraged that you assign one now. Avoid using easily accessible dates such as birthdays, phone numbers, or anniversaries.
Other ways to protect your data:
In a detailed report regarding protecting your identity, CNET suggests utilizing a password manager to keep track of all of your passwords, enabling you to make them more secure. Adding as many extra layers of security as possible is key to protecting your information.
If a data breach does occur, CNET recommends:
In response to the security breach, T-Mobile is offering two years of free identity protection services to all affected customers and has made Account Takeover Protection available for postpaid customers.
If you suffered financial loss as a result of a cellular company’s data breach, contact Levin Law, P.A. today for a free case evaluation. Call (305) 402-9050 or email email@example.com to speak directly with managing partner Brian Levin.
Most cases are handled on a contingency fee basis, meaning that clients are not obligated to pay Levin Law’s attorney fees unless money is recovered on their behalf.
Levin Law is a premier national securities, cryptocurrency, and class action law firm. Brian Levin, Levin Law’s managing attorney, has obtained settlements and recoveries over $100,000,000 in assets through arbitration and litigation for individual and institutional investors throughout the country and the rest of the world. Levin Law represents retirees, individual investors, high-net-worth investors, ultra-high-net-worth investors, institutions, family offices, trusts, publicly held companies, and others.