Last week we saw the mobile phone carrier T-Mobile fall victim to cybercriminal activity when a hacker accessed the personal data of their users.  They learned of the breach via claims that were made on an online forum.  This led to an investigation and hiring of cybersecurity experts to help with the situation.

They have not been able to confirm at this time whether financial information was compromised, but have confirmed the following data was breached:

  • Driver’s license numbers
  • Government identification numbers
  • Social Security numbers
  • Dates of birth
  • T-Mobile PINs
  • Names

As a result of this breach, experts were hired – at expert-level salaries, press-releases were written, web pages needed to be created with all the information that users would need, additional customer service channels needed to be established to answer questions, identity monitoring needed to be made available to all individuals affected, and much more.  This not only took the existing workforce away from their jobs, it required additional hiring of people and resources to accommodate the influx of calls.  And this had to be done while simultaneously addressing any reputational damage that occurred as a result of the breach. 

If this happened to you, what resources would you be able to draw from to get your company back to work? Most likely you have a much smaller pool of resources than T-Mobile.

So, what can you do? You’ll want to take this as an opportunity to review and enact strong cybersecurity practices in your business. This also brings to light the importance of  cyber insurance in helping businesses recover from a data breach; but let’s be clear that cyber insurance is not an alternative to strong cybersecurity best practices. In fact many cyber insurance policies require strong cyber security controls to be in place to honor any payments for breaches. Check your errors and omissions! Additionally, if you have any clients that are using this mobile carrier, they’ll want to take immediate action to protect their accounts.

If you know someone using T-Mobile, remind them to:

  1. Change their password on their T-Mobile account and any other account that would share that password.  Moving forward, don’t use the same password for multiple accounts!
  2. Always use two-factor authentication.  This second way of verification may seem cumbersome initially, but it will save you much more work in the event of a data breach. 
  3. Clean up your digital footprint.  Old accounts may have the same password as this breached account.  Even if you don’t use it, it may link the hacker to valuable information about you that can be cross-referenced to enable them to steal more of your data or identity!
  4. Enable credit monitoring and freeze your credit.  This prevents any new accounts from being opened.

These steps, along with being diligent about looking at usage on your credit card accounts or bank statements will be important in the effort to mitigate any damage done by this breach.  While the effort should be ongoing, when a large breach like this occurs, it’s even more critical to take immediate action.