• Skip to main content
  • Skip to header right navigation
  • Skip to site footer
Restore Privacy

Restore Privacy

Resources to stay safe and secure online

  • News
  • Tools
    • Secure Browser
    • VPN
    • Ad Blocker
    • Secure Email
    • Private Search Engine
    • Data Removal
      • Incogni Review
    • Password Manager
    • Secure Messaging App
    • Tor
    • Identity Theft Protection
    • Unblock Websites
    • Privacy Tools
  • Email
    • Secure Email
    • ProtonMail Review
    • Tutanota Review
    • Mailfence Review
    • Mailbox.org Review
    • Hushmail Review
    • Posteo Review
    • Fastmail Review
    • Runbox Review
    • CTemplar Review
    • Temporary Disposable Email
    • Encrypted Email
    • Alternatives to Gmail
  • VPN
    • What is VPN
    • VPN Reviews
      • NordVPN Review
      • Surfshark VPN Review
      • VyprVPN Review
      • Perfect Privacy Review
      • ExpressVPN Review
      • CyberGhost Review
      • AVG VPN Review
      • IPVanish Review
      • Hotspot Shield VPN Review
      • ProtonVPN Review
      • Atlas VPN Review
      • Private Internet Access Review
      • Avast VPN Review
      • TorGuard Review
      • PrivadoVPN Review
    • VPN Comparison
      • NordVPN vs ExpressVPN
      • NordVPN vs PIA
      • IPVanish vs ExpressVPN
      • CyberGhost vs NordVPN
      • Surfshark vs NordVPN
      • IPVanish vs NordVPN
      • ExpressVPN vs PIA
      • VyprVPN vs NordVPN
      • CyberGhost vs ExpressVPN
      • NordVPN vs HideMyAss
      • ExpressVPN vs ProtonVPN
      • Atlas VPN vs NordVPN
      • ExpressVPN vs Surfshark
      • NordVPN vs Proton VPN
      • Surfshark vs CyberGhost
      • Surfshark vs IPVanish
    • Best VPNs
      • Best VPN for Torrenting
      • Best VPN for Netflix
      • Best Free VPN
      • VPN for Firestick TV
      • Best VPN for Android
      • Best VPN for Gaming
      • Best VPN for PC
      • Best VPN for Disney Plus
      • Best VPN for Hulu
      • Best VPN for Mac
      • Best VPN for Streaming
      • Best VPN for Windows
      • Best VPN for iPhone
    • VPN Coupons
      • ExpressVPN Coupon
      • NordVPN Coupon
      • Cyber Monday VPN Deals
      • NordVPN Cyber Monday
      • Surfshark VPN Cyber Monday
      • ExpressVPN Cyber Monday
    • VPN Guides
      • Free Trial VPN
      • Cheap VPNs
      • Static IP VPN
      • VPN Ad Blocking
      • No Logs VPN
      • Best VPN Chrome
      • Best VPN Reddit
      • Split Tunneling VPN
      • VPN for Binance
      • WireGuard VPN
      • VPN for Amazon Prime
      • VPN for Linux
      • VPN for iPad
      • VPN for Firefox
      • VPN for BBC iPlayer
    • By Country
      • Best VPN Canada
      • Best VPN USA
      • Best VPN UK
      • Best VPN Australia
      • VPN for Russia
    • VPN Router
  • Password
    • Best Password Managers
    • Comparisons
      • NordPass vs 1Password
      • 1Password vs LastPass
      • NordPass vs LastPass
      • RoboForm vs NordPass
      • 1Password vs Bitwarden
      • Dashlane vs NordPass
      • 1Password vs Dashlane
      • NordPass vs Bitwarden
    • KeePass Review
    • NordPass Review
    • 1Password Review
    • Dashlane Review
    • RoboForm Review
    • LastPass Review
    • Bitwarden Review
    • Strong Password
  • Storage
    • Best Cloud Storage
    • pCloud Review
    • Nextcloud Review
    • IDrive Review
    • SpiderOak Review
    • Sync.com Review
    • MEGA Cloud Review
    • NordLocker Review
    • Tresorit Review
    • Google Drive Alternatives
  • Messenger
    • Secure Messaging Apps
    • Signal Review
    • Telegram Review
    • Wire Review
    • Threema Review
    • Session Review
  • Info
    • Mission
    • Press
    • Contact
  • News
  • Tools
    • Secure Browser
    • VPN
    • Ad Blocker
    • Secure Email
    • Private Search Engine
    • Data Removal
      • Incogni Review
    • Password Manager
    • Secure Messaging App
    • Tor
    • Identity Theft Protection
    • Unblock Websites
    • Privacy Tools
  • Email
    • Secure Email
    • ProtonMail Review
    • Tutanota Review
    • Mailfence Review
    • Mailbox.org Review
    • Hushmail Review
    • Posteo Review
    • Fastmail Review
    • Runbox Review
    • CTemplar Review
    • Temporary Disposable Email
    • Encrypted Email
    • Alternatives to Gmail
  • VPN
    • What is VPN
    • VPN Reviews
      • NordVPN Review
      • Surfshark VPN Review
      • VyprVPN Review
      • Perfect Privacy Review
      • ExpressVPN Review
      • CyberGhost Review
      • AVG VPN Review
      • IPVanish Review
      • Hotspot Shield VPN Review
      • ProtonVPN Review
      • Atlas VPN Review
      • Private Internet Access Review
      • Avast VPN Review
      • TorGuard Review
      • PrivadoVPN Review
    • VPN Comparison
      • NordVPN vs ExpressVPN
      • NordVPN vs PIA
      • IPVanish vs ExpressVPN
      • CyberGhost vs NordVPN
      • Surfshark vs NordVPN
      • IPVanish vs NordVPN
      • ExpressVPN vs PIA
      • VyprVPN vs NordVPN
      • CyberGhost vs ExpressVPN
      • NordVPN vs HideMyAss
      • ExpressVPN vs ProtonVPN
      • Atlas VPN vs NordVPN
      • ExpressVPN vs Surfshark
      • NordVPN vs Proton VPN
      • Surfshark vs CyberGhost
      • Surfshark vs IPVanish
    • Best VPNs
      • Best VPN for Torrenting
      • Best VPN for Netflix
      • Best Free VPN
      • VPN for Firestick TV
      • Best VPN for Android
      • Best VPN for Gaming
      • Best VPN for PC
      • Best VPN for Disney Plus
      • Best VPN for Hulu
      • Best VPN for Mac
      • Best VPN for Streaming
      • Best VPN for Windows
      • Best VPN for iPhone
    • VPN Coupons
      • ExpressVPN Coupon
      • NordVPN Coupon
      • Cyber Monday VPN Deals
      • NordVPN Cyber Monday
      • Surfshark VPN Cyber Monday
      • ExpressVPN Cyber Monday
    • VPN Guides
      • Free Trial VPN
      • Cheap VPNs
      • Static IP VPN
      • VPN Ad Blocking
      • No Logs VPN
      • Best VPN Chrome
      • Best VPN Reddit
      • Split Tunneling VPN
      • VPN for Binance
      • WireGuard VPN
      • VPN for Amazon Prime
      • VPN for Linux
      • VPN for iPad
      • VPN for Firefox
      • VPN for BBC iPlayer
    • By Country
      • Best VPN Canada
      • Best VPN USA
      • Best VPN UK
      • Best VPN Australia
      • VPN for Russia
    • VPN Router
  • Password
    • Best Password Managers
    • Comparisons
      • NordPass vs 1Password
      • 1Password vs LastPass
      • NordPass vs LastPass
      • RoboForm vs NordPass
      • 1Password vs Bitwarden
      • Dashlane vs NordPass
      • 1Password vs Dashlane
      • NordPass vs Bitwarden
    • KeePass Review
    • NordPass Review
    • 1Password Review
    • Dashlane Review
    • RoboForm Review
    • LastPass Review
    • Bitwarden Review
    • Strong Password
  • Storage
    • Best Cloud Storage
    • pCloud Review
    • Nextcloud Review
    • IDrive Review
    • SpiderOak Review
    • Sync.com Review
    • MEGA Cloud Review
    • NordLocker Review
    • Tresorit Review
    • Google Drive Alternatives
  • Messenger
    • Secure Messaging Apps
    • Signal Review
    • Telegram Review
    • Wire Review
    • Threema Review
    • Session Review
  • Info
    • Mission
    • Press
    • Contact

T-Mobile Users Affected by 2021 Data Breach at Risk of Identity Theft and Fraud

March 3, 2022 By Sven Taylor — 6 Comments
T Mobile Breach Identity Theft

T-Mobile suffered a major data breach in August 2021 that affected the private data of 53+ million users. Today, we are seeing reports of identity theft among T-Mobile users as well as T-Mobile user data being sold on the Dark Web. These events have prompted the New York Attorney General to issue a consumer alert warning T-Mobile users of the heightened risks.

Update: Numerous other state attorney generals from California, Washington, Delaware, and more, are also urging people to be on alert for identity theft and fraud as a result of T-Mobile’s 2021 data breach.

Are you a T-Mobile customer? If so, your private data may be up for sale on the Dark Web, putting you at heightened risk for identity theft, phishing attacks, and financial fraud.

Earlier today, the New York Attorney General’s office issued an urgent consumer alert warning T-Mobile users (both past and present) about the heightened risks of identity theft and fraud. New York Attorney General Letitia James issued this warning in a press release:

I have an urgent message for T-Mobile customers and other consumers: Be aware of any misuse of your personal information and follow the guidance provided by my office to protect yourself from identity theft.

Information stolen in a massive data breach has fallen into the wrong hands and is circulating on the dark web. The guidance offered by my office can help prevent identity theft. I advise all New Yorkers to maintain their financial safety by following the guidance my office has laid out. No consumer should have to deal with the devastating realities of identity theft.

Consumer Alert from New York Attorney General Letitia James

To put these events into context, we need to first look back at what happened with T-Mobile last year.

August 2021: T-Mobile admits massive security incident

Private data is extremely valuable to cybercriminals. Back in August 2021, they hit the jackpot. T-Mobile admitted the unnerving details in this blog post where they stated:

  • “We previously reported information from approximately 7.8 million current T-Mobile postpaid customer accounts that included first and last names, date of birth, SSN, and driver’s license/ID information was compromised. We have now also determined that phone numbers, as well as IMEI and IMSI information, the typical identifier numbers associated with a mobile phone, were also compromised.”
  • “Additionally, we have since identified another 5.3 million current postpaid customer accounts that had one or more associated customer names, addresses, date of births, phone numbers, IMEIs and IMSIs illegally accessed.”
  • “We also previously reported that data files with information from about 40 million former or prospective T-Mobile customers, including first and last names, date of birth, SSN, and driver’s license/ID information, were compromised.”

With full name and social security information for 53+ million T-Mobile users, this is a treasure trove of data for bad actors to exploit.

Hackers can utilize this information to carry out identity theft attacks, gain unauthorized access to accounts, launch phishing attacks, and also commit financial fraud against their targets.

In addition to carrying out attacks, the data from T-Mobile customers is also valuable for data brokers. There are numerous websites, both on the regular internet and on the so-called Dark Web, where one can buy and sell private data of individuals. And the market for this is massive.

One reason for today’s consumer alert is that there have been more reports about T-Mobile user data being sold online by cybercriminals. According to the New York Attorney General’s report,

Recently, a large subset of the information compromised in the breach was discovered for sale on the dark web — a hidden portion of the Internet where cyber criminals buy, sell, and track personal information. Many individuals received alerts through various identity theft protection services informing them that their information was found online in connection with the breach, confirming that impacted individuals are at heightened risk for identity theft.

How T-Mobile users should protect themselves

Unfortunately, once your private data is exposed to cybercriminals, there’s no getting it back. However, there are certain steps you can take to further protect yourself and mitigate damage from past data leaks.

First, you should keep a close eye on your financial accounts and credit score. If you notice any unauthorized or irregular activities, you should contact your financial institution immediately.

Cybercriminals will often leverage private data to gain access to other accounts and services. This goes beyond just identity theft and identity fraud and moves into the realm of inflicting serious long-term financial damage.

Another tip is to place a credit freeze on your credit report. This will prevent cybercriminals from being able to open new accounts in your name. To place a credit freeze, simply contact the three large credit bureaus:

  • Equifax – https://www.equifax.com/personal/credit-report-services/credit-freeze
    +1 (888) 766-0008
  • Experian – https://www.experian.com/freeze/center.html
    +1 (888) 397-3742
  • TransUnion – https://www.transunion.com/credit-freeze
    +1 (800) 680-7289

There are also data breach monitoring tools you can use. Some tools monitor in real-time. Others allow you to scan past breaches for personal information. For instance, the Have I Been Pwned database allows you to check if your information appears in any past breaches.

Lastly, we always recommend limiting the amount of data you share with third parties. When signing up for new services and products, keep as much of your information private as possible. Remember that every database that contains your private information is a potential data breach waiting to happen. Therefore the less data you provide, the better.

About Sven Taylor

Sven Taylor is the lead editor and founder of Restore Privacy, a digital privacy advocacy group. With a passion for digital privacy and accessible information, he created RestorePrivacy to provide you with honest, useful, and up-to-date information about online privacy, security, and related topics.

Reader Interactions

Comments

  1. Dave

    May 4, 2022

    Really hacked me off and surprised me to receive that notification as well.
    I haven’t been with tmobile for approximately 20 years. That was before I moved to the state I’m in now because they don’t offer service here.
    So I was shocked….

    Bummer. I’m already on a credit monitoring service because of another data breach ~5 years ago from my pharmacy.

    Reply
  2. terry

    March 12, 2022

    Sven, can you do a post on the privacy of video conference companies? I have been trying to get people to switch to Jitsi (from Zoom), but all the info against Zoom is fairly old. Can it be trusted now? Also maybe include things like Telegram and Signal video calls. Thanks

    Reply
  3. Juneteenth

    March 10, 2022

    It is impossible, or very nearly so, to use a California lifeline phone and avoid T-Mobile. This is Millions of people since covid happened! Being income based, a LOT of people who cannot afford to buy ‘lifelock’ type protection are in big trouble and likely don’t even know it.

    Reply
  4. clinton

    March 5, 2022

    This effects me, pretty irritated and T-Mobiles response was pathetic, this is like the 4th time they have been hacked in 2 years now? At what point do you just say they don’t even try to secure their customers data?

    Reply
  5. Freddy

    March 5, 2022

    In the UK, there is no law that requires the Credit Reference Agencies to freeze an account at the request of the ‘customer’. They simply refuse to do so and continue collecting, processing and selling people’s data because they can. I’ve tried with the three agencies. All refuse.

    I haven’t used ‘credit’ (to my knowledge), not taken loans, borrowings, ‘buy now, pay later’ options, or anything similar, yet in the UK system, it is currently impossible to stop the CRAs trading your data.

    Reply
  6. Ted

    March 4, 2022

    Sad. No surprises here. I smell a class-action lawsuit. This is going to really harm everyone involved in the breach, particularly those who are not on top of their cybersecurity game. Reminds me of the Equifax breach. They ended up paying out millions.

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Sidebar

Digital Privacy Essentials:
Secure Browsers
Private Search Engines
Secure Email
Best Password Managers
Secure Messaging Services
Best Ad Blockers
Best VPN Services
Secure Cloud Storage

Privacy & Security Guides:
Privacy Tools
Alternatives to Google Products
Firefox Privacy Modifications
Five Eyes, 9 Eyes, 14 Eyes Spying
Browser Fingerprinting
Is Tor Safe?
Alternatives to Gmail
VPN vs Tor
Alternatives to WhatsApp
Is Your Antivirus Spying on You?
Controlling Communication Channels is Crucial for Privacy
Anonymity Networks: VPNs, Tor, and I2P
How to Really Be Anonymous Online
Private and Anonymous Payments

Secure Email Reviews:
ProtonMail Review
Tutanota Review
Mailfence Review
Mailbox.org Review
Hushmail Review
Posteo Review
Fastmail Review
Runbox Review
CTemplar Review
Temporary Email Services
Encrypted Email

Password Manager Reviews:
Bitwarden Review
LastPass Review
KeePass Review
NordPass Review
Dashlane Review
1Password Review
Best Password Managers

Secure Messaging App Reviews:
Wire Review
Signal Review
Threema Review
Telegram Review
Session Review
Wickr Review

Secure Cloud Storage Reviews
Tresorit Review
MEGA Cloud Review
Sync.com Review
Nextcloud Review
IDrive Review
pCloud Review
SpiderOak Review
NordLocker Review

How To Guides
How to Encrypt Files on Windows
How to Encrypt Email
How to Configure Windows 10 for Privacy
How to use Two-Factor Authentication (2FA)
How to Secure Your Android Device for Privacy
How to Secure Your Home Network
How to Protect Yourself Against Identity Theft
How to Unblock Websites
How to Fix WebRTC Leaks
How to Test Your VPN
How to Hide Your IP Address
How to Create Strong Passwords
How to Really Be Anonymous Online

About RestorePrivacy

Contact

Restore Privacy Checklist

  1. Secure browser: Modified Firefox or Brave
  2. VPN: NordVPN (68% Off Coupon) or Surfshark
  3. Ad blocker: uBlock Origin or AdGuard
  4. Secure email: Mailfence or Tutanota
  5. Secure Messenger: Signal or Threema
  6. Private search engine: MetaGer or Brave
  7. Password manager: NordPass or Bitwarden

About

Restore Privacy is a digital privacy advocacy group committed to helping people stay safe and secure online. You can support this project through donations, purchasing items through our links (we may earn a commission at no extra cost to you), and sharing this information with others. See our mission here.

We’re available for Press and media inquiries here.

Restore Privacy is also on Twitter

COPYRIGHT © 2023 RESTORE PRIVACY, LLC · PRIVACY POLICY · TERMS OF USE · CONTACT · SITEMAP