T-Mobile to send out letters regarding “unauthorized access” of customers’ personal details

Screen Shot 2014-01-02 at 19.06.19

2013 was not a great year for personal security. Whether it’s Snapchat or the NSA’s shenanigans, there have been more reports of account hacking than we’ve seen in a long time. Even Apple’s own developer account was shut down for a couple of weeks due to a security breach. It seems T-Mobile customers may have had their personal information compromised too.

DataBreaches.net has uncovered a letter that’s due to be sent out to T-Mobile customers soon outlining unauthorized access to its customers’ personal details. According to the letter, this access to a file stored at a supplier server was discovered in late November. The files in particular included information such as names, addresses, social security numbers and driving license numbers.

As explained in the general letter, it looks like those hackers accessing the file were actually looking for credit card numbers, which they didn’t get. Thankfully. As a gesture of good will, T-Mobile is also offering up 12 months of Experian’s ProtectMyID Elite membership to help customers keep up to date with any unauthorized access to their accounts/credit cards etc.

Although we believe the primary goal of the access was to obtain credit card numbers (which were not included in the file), the information that was accessible could also potentially be misused. Our supplier has taken immediate measures to secure the impacted servers. 

We are also providing this notice to help you take steps to protect your personal information from possible misuse. We have arranged for you to receive one full year of ProtectMyID Elite, an Experian product which provides credit monitoring capabilities and assistance for identity theft protection including identity theft insurance. ProtectMyID Elite is completely free to you and enrolling in this program will not hurt your credit score. Follow the instructions below to activate ProtectMyID. Your enrollment is open until March 31, 2014.

Since this hasn’t become a major story of millions affected, I imagine that the number of customers affected by this is very minimal. And, although the details accessible from these files could potentially be misused, you can perhaps rest a little easier knowing that the hackers didn’t get what they had tried to get hold of. That said, it would frustrate me to know that my details may have been accessed in November and I didn’t find out until the new year.

To read the full letter, head on over to the California Department of Justice site where the letter has been made available to view.

Be sure to let us know if you receive the letter.

Via: DataBreaches

Tags: , ,

  • ccnet005

    Interesting, which tmobile supplier.
    I don’t recall, but didn’t “Target” fess up sooner than this?
    Maybe the “T” in tmobile should also stand for “Target”.

    • AussieB

      If this becomes public, they can be in for some bad PR…at least they’ve taken a step by providing customers with a make good

    • fsured

      I think part of the reason Target got caught sooner is for the large size of customers with information stolen. Wasn’t it like 40million? That would almost be the number of T-Mobile customers in total. The information from the Target customers was already turned around for selling and used by criminals. I got a call on Friday from my bank saying my card was being swiped in California and I live in Texas. I certainly did shop at the Target that is walking distance to where I live. While disturbing for sure there could be factors that prevented them from speaking about it. If your information was compromised no answer the company gives would satisfy you.

  • AndroidProfit

    Maybe John needs to get the phuck off of Twitter and deal with pressing issues like w this one! 2 months to announce this? Well at least they took the opportunity to strike a deal with Experian. Maybe this is why it took two months to announce…this gave T-Mobile an opportunity to strike a deal with Experian. Jerk offs

    • GinaDee

      Bitter aren’t we? We tried your credit card but it was declined due to insufficient funds and poor AT&T coverage. You are safe for now.

      • AndroidProfit

        Now THAT WAS WEAK! Try harder babydoll.

        • Hahahaha

          Ditto. A T-Mobile fanboy calling another company’s coverage poor is weak indeed!

      • AndroidProfit

        Sheesh I couldn’t reasonably expect a TMobile fanboy to be original given you stole Salma’s image to use as your avatar.

    • thetruth

      you sir are the douche of the day…please go to the back of the room to enjoy your prize

      • AndroidProfit

        Truth hurts I know.

    • noc007

      This reminds me of when millions of credit card numbers were taken from Heartland Payment Systems in 2008. They didn’t announce it until Obama’s first inauguration so it wouldn’t get much publicity.

  • Guest

    Have they identified how many accounts may have been hacked? I hope it’s a small percentage.

  • vrm

    I was told by t-mobile rep at the time of opening account that SSN and DL# are only used during the credit check and not stored anywhere. I was suspicious of that because they often refer to the last 4 digits of SSN.

    Now it appears that not only do they needlessly ( I am not sure what purpose it serves for anyone to do so) store this sensitive information, they hand it out to anyone who wants it and call them a “supplier” !

    • philyew

      This may have been collected directly by the supplier when opening a retail channel account. If this the same data breach as experienced by Target customers, that would be the case.

      • vrm

        What retail channel account ? I went to the store directly to open an account and it was the store where they did the credit check. I was SPECIFICALLY told that that is the ONLY use of that information and that that information would not be persistent on any system; the credit check app supposedly stores it only in its runtime memory.

        According to t-mobile website, that store is a corporate store.

        • philyew

          I was talking about the reported data breach, not your personal situation.

    • InsideBaseball

      Your credit application is saved because your financial obligations, both inside and outside of T-Mobile, impact their perception of you. As you might know, your credit is a way of determining your trustworthiness and if you bail on your bill and stop paying for you device, T-Mobile will attempt to collect on that. If you file for bankruptcy outside, that will impact how many more lines you can add and how many new devices you can purchase on credit. So, in oder to protect T-Mobile business, it is very important for them to keep this information. It is also a way to counteract fraud. It prevents the same info to be ran multiple times if there are still bad debts associated with it or if it’s being misrepresented. This is the case with all carriers and those who work with credit.

      Also, the supplier mentioned, I’m assuming is Tera Data. They are the major warehouser of all the top telecom companies in the US and they specialize in managing personal data. Obviously, their credibility may be in question, but they are professionals who have to proper tools to manage this information. Based off the scope of this company, I wouldn’t be surprised if the other carriers were not affected.

      So, for the sake of those affected by the breach, lets put your ignorance aside and tip a cap to a company jumped on a grenade for someone else and is offering some assistance to help remedy the situation.

      • vrm

        I still do NOT understand the reason to STORE my SSN, DL, DOB and other such information permanently on their systems ( they do not need to STORE that information to do a credit check and that is what I was led to believe), much less PASS on that information to others without my consent. I am even surprised that congress has not enacted legislation to PREVENT such misdeeds. tera data may mean the world to t-mobile and to you- it means NOTHING, I repeat NOTHING to me. Tera data can track my usage information based on name and tel # alone- they SHOULD NOT be receiving my SSN.

        Heck, even google does not ask for ANY of this information to offer ANY of their services to me and there is no one that analyzes data better than them.

        • Oh please. People hand out their Social Security #;s like they are eating froot loops. Stop being a cry baby!

        • InsideBaseball

          He forgot to read the terms and conditions. t-mobile .com /privacy
          Is it too late to tell that prepaid accounts don’t ask for this information or that T-Mobile offers no credit check post paid plans or should we let him suffer?

      • vrm

        …your financial obligations, both inside and outside of T-Mobile, impact their perception of you. As you might know, your credit is a way of determining your trustworthiness… blah blah

        And that is EXACTLY the reason they have an obligation to not f$ck my credit history. Wonder how many peoples’ credit worthiness was good UNTIL it was checked by companies like this ? This is hardly a t-mobile issue and it is unfortunate that companies want to store peoples’ SSN, DL etc permanently on their systems, which even under great care can lead to abuse but most of these companies do not even CARE about security.

        I do not like companies doing this and it is a personal affront to me when people defend this abuse of extremely personal/private information, the loss of which can destroy my livelihood.

    • Mike

      Even if they didn’t store the full SSN and only the last 4, it is still enough to do damage. When is the last time anyone asked you for more than the last 4 digits when trying to determine your identity? In addition, when do they ask more than just that? It is rare.

  • pzzdog

    now i know why someone could using my account went to the store upgrade four galaxy s4 and changed my classic plan to simple plan at 10/15.took me 45 days talked to over 10 representatives and my bill still $2500 ,finally email to CEO john then other representatives took care that, but now i have to check my credit report

    • D Nice

      Man! sorry to hear this… something similar to this happened to me when I was with Verizon.

  • Angry

    Just trying to get the customers in the right frame of mind for the Sprint takeover…

    • Mike

      What does this mean? Are you implying that Sprint has poor customer personal information security measures?

  • Guest

    I wonder if there going to talk about this during the CES announcement 1/8 next week with the Uncarrier 4 event.

    • Mike

      I doubt it as that isn’t the appropriate forum for such discussion.

  • Heney Youngman

    They have my credit. Please!

  • tech916

    Nothing New TMOBILE sells your info to Telemarketers, and Collection Agencies even if you’re a customer of tmobile.

  • ZGalLisaB

    I didn’t get the letter yet. But I know my info was obtained because I got an email saying that a phone was activated in my name. The best part is the number they “activated” is a number I had in 2008. That was changed…….Called t-mobile and they had no idea that there was a breach….smh. One rep even said just delete the email and not worry about it….ummmm what?!?!?!

  • Jason Griffith

    These crooks has cloned my brothers sim card and made bunch of international calls ringing up his bill.