T-Mobile asks service plan applicants to submit their Social Security and government ID numbers to be able to assess their eligibility. This may be standard practice among telecom providers, but what’s interesting is that T-Mobile keeps such info long after they’ve done their assessment. This is why hackers were able to steal such information — along with customers’ names, drivers’ licenses, dates of birth, and T-Mobile prepaid PINs (which T-Mobile reset for their customers’ behalf) — last August 17, 2021.
While T-Mobile’s long-term storage of sensitive customer information is an issue, the theft of customer information is by far the bigger problem. Knock on wood, but if your own business suffers a data breach, would you know what to tell customers they ought to do to keep their accounts and identities safe against theft? In case you don’t, here’s a quick list of action steps you can tell them to do:
1. First things first: Freeze your financial accounts
Call your banks and credit facilities to freeze your accounts to prevent savings from being drained and credit lines from being maxed out. Additionally, this prevents identity thieves from opening accounts in your name. While waiting for financial institutions to create new accounts for you, you’ll need to temporarily lift the freeze to access credit for items like a car loan or a rental agreement.
2. Improve your password hygiene
You must change your passwords immediately after a breach so that hackers can’t lock you out of your own accounts. You must also do the following:
- Use stronger and unique passwords
- Use a password manager if remembering all the passwords is proving to be difficult
- Implement multifactor authentication
3. Delete accounts you don’t use
The more online accounts you have, the more places in which your information can reside. Therefore, do an online account inventory and delete unused accounts. Here are steps for doing an inventory:
- In a search engine, enter old and new usernames as search terms. Do the same for combinations of your name and email address, e.g., first name-email address, email address-full name, etc.
- In your email inbox, enter “welcome to” and “new account” as search terms.
- Check web browsers for saved passwords. For instance, if you use Bing, click on your profile picture, then Manage profile settings, then scroll down to Saved passwords to find your list of accounts.
- Check your password manager for online accounts.
If you feel that doing an account inventory is too much of a hassle, then consider that this may also help you find subscriptions that you don’t need but are still paying for. Not only would you be more secure, but you may end up canceling unnecessary subscriptions and saving money, too.
Do note that deleting unused accounts helps reduce vulnerability to data theft — provided that deleting an account leads to the deletion of that account’s data. As of this writing, Americans have yet to have a right to be forgotten, which is why companies like T-Mobile can needlessly store Social Security numbers for hackers to steal. Ask that your data be wiped together with your account, but know that companies have no legal obligation to grant such requests.
To avoid having to share this list of action steps to your customers, talk to our cybersecurity specialists at Complete Technology. Contact us today to learn more.